US and UK expose new malware used by MuddyWater hackers (Security News, February 2022)
US and UK cybersecurity and law enforcement agencies today shared information on new malware deployed by the Iranian-backed MuddyWater hacking group in attacks targeting critical infrastructure worldwide.
MuddyWater is "targeting a range of government and private-sector organizations across sectors, including telecommunications, defense, local government, and oil and natural gas, in Asia, Africa, Europe, and North America," the two governments said.
This threat group uses multiple malware strains, including PowGoop, Canopy/Starwhale, Mori, POWERSTATS, and previously unknown ones, to deploy second-stage malware on compromised systems, gain backdoor access, maintain persistence, and exfiltrate data.
Among the malware detailed today, the US and UK agencies highlighted a new Python backdoor that MuddyWater operators use for persistence and a PowerShell backdoor that encrypts its command-and-control communications.
Today's alert follows a similar one issued on Wednesday attributing new malware dubbed Cyclops Blink to the Russian-backed Sandworm hacking group.
Sandworm operators have been using Cyclops Blink since at least June 2019 to build a new botnet replacing VPNFilter by ensnaring vulnerable WatchGuard Firebox and other Small Office/Home Office network devices.