Security News > 2023 > April > Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise
The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation.
That's according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud infrastructures in partnership with another emerging activity cluster dubbed DEV-1084.
"While the threat actors attempted to masquerade the activity as a standard ransomware campaign, the unrecoverable actions show destruction and disruption were the ultimate goals of the operation," the tech giant revealed Friday.
Attacks mounted by the group have primarily singled out Middle Eastern nations, with intrusions observed over the past year leveraging the Log4Shell flaw to breach Israeli entities.
The latest findings from Microsoft reveal the threat actor probably worked together with DEV-1084 to pull off the attack, the latter of which conducted the destructive actions after MuddyWater successfully gained a foothold onto the target environment.
All these actions are actions are estimated to have transpired over a roughly three-hour timeframe starting at 12:38 a.m. and ending at 3:21 a.m. It's worth noting here that DEV-1084 refers to the same threat actor that assumed the "DarkBit" persona as part of a ransomware and extortion attack aimed at Technion, a leading research university in Israel, in February.
News URL
https://thehackernews.com/2023/04/iran-based-hackers-caught-carrying-out.html
Related news
- Iran Cyber Attack: Fox Kitten Facilitates Ransomware in US (source)
- Surge in Magniber ransomware attacks impact home users worldwide (source)
- Keytronic reports losses of over $17 million after ransomware attack (source)
- UK health services call-handling vendor faces $7.7M fine over 2022 ransomware attack (source)
- McLaren hospitals disruption linked to INC ransomware attack (source)
- Six ransomware gangs behind over 50% of 2024 attacks (source)
- Belarusian-Ukrainian Hacker Extradited to U.S. for Ransomware and Cybercrime Charges (source)
- Google raps Iran's APT42 for raining down spear-phishing attacks (source)
- CISA warns of Jenkins RCE bug exploited in ransomware attacks (source)
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)