US and UK expose new malware used by MuddyWater hackers (Security News, February 2022)
US and UK cybersecurity and law enforcement agencies today shared information on new malware deployed by the Iranian-backed MuddyWater hacking group in attacks targeting critical infrastructure worldwide.
MuddyWater is "Targeting a range of government and private-sector organizations across sectors, including telecommunications, defense, local government, and oil and natural gas, in Asia, Africa, Europe, and North America," the two governments said.
This threat group uses multiple malware strains, including PowGoop, Canopy/Starwhale, Mori, POWERSTATS, and previously unknown ones, to deploy second-stage malware on compromised systems, gain backdoor access, maintain persistence, and exfiltrate data.
Among the malware detailed today, the US and UK agencies highlighted a new Python backdoor used by MuddyWater operators for persistence and a PowerShell backdoor used to encrypt command-and-control communication channels.
Today's alert follows a similar one issued on Wednesday attributing new malware dubbed Cyclops Blink to the Russian-backed Sandworm hacking group.
Sandworm operators have been using Cyclops Blink since at least June 2019 to build a new botnet replacing VPNFilter by ensnaring vulnerable WatchGuard Firebox and other Small Office/Home Office network devices.