US and UK cybersecurity and law enforcement agencies today shared information on new malware deployed by the Iranian-backed MuddyWater hacking group in attacks targeting critical infrastructure worldwide.
MuddyWater is "Targeting a range of government and private-sector organizations across sectors, including telecommunications, defense, local government, and oil and natural gas, in Asia, Africa, Europe, and North America," the two governments said.
This threat group uses multiple malware strains, including PowGoop, Canopy/Starwhale, Mori, POWERSTATS, as well as previously unknown ones, to deploy second-stage malware on compromised systems, for backdoor access, to maintain persistence, and for data exfiltration.
Among the malware detailed today, the US and UK agencies highlighted a new Python backdoor used by MuddyWater operators for persistence and a PowerShell backdoor used to encrypt command-and-control communication channels.
Today's alert follows a similar one issued on Wednesday attributing new malware dubbed Cyclops Blink to the Russian-backed Sandworm hacking group.
Sandworm operators have been using Cyclops Blink since at least June 2019 to build a new botnet replacing VPNFilter by ensnaring vulnerable WatchGuard Firebox and other Small Office/Home Office network devices.