US and UK expose new malware used by MuddyWater hackers
2022-02-24 17:56

US and UK cybersecurity and law enforcement agencies today shared information on new malware deployed by the Iranian-backed MuddyWater hacking group in attacks targeting critical infrastructure worldwide.

MuddyWater is "targeting a range of government and private-sector organizations across sectors, including telecommunications, defense, local government, and oil and natural gas, in Asia, Africa, Europe, and North America," the two governments said.

This threat group uses multiple malware strains, including PowGoop, Canopy/Starwhale, Mori and POWERSTATS as well as previously unknown ones, to deploy second-stage malware on compromised systems, gain backdoor access, maintain persistence, and exfiltrate data.

Among the malware detailed today, the US and UK agencies highlighted a new Python backdoor that MuddyWater operators use for persistence and a new PowerShell backdoor that encrypts its command-and-control communications.

Today's alert follows a similar one issued on Wednesday attributing new malware dubbed Cyclops Blink to the Russian-backed Sandworm hacking group.

Sandworm operators have been using Cyclops Blink since at least June 2019 to build a new botnet replacing VPNFilter by ensnaring vulnerable WatchGuard Firebox and other Small Office/Home Office network devices.


News URL

https://www.bleepingcomputer.com/news/security/us-and-uk-expose-new-malware-used-by-muddywater-hackers/