
The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation.
That's according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud infrastructures in partnership with another emerging activity cluster dubbed DEV-1084.
"While the threat actors attempted to masquerade the activity as a standard ransomware campaign, the unrecoverable actions show destruction and disruption were the ultimate goals of the operation," the tech giant revealed Friday.
Attacks mounted by the group have primarily singled out Middle Eastern nations, with intrusions observed over the past year leveraging the Log4Shell flaw to breach Israeli entities.
The latest findings from Microsoft indicate that the threat actor probably worked together with DEV-1084 to pull off the attack, with the latter conducting the destructive actions after MuddyWater had successfully gained a foothold in the target environment.
All these actions are estimated to have transpired over a roughly three-hour timeframe starting at 12:38 a.m. and ending at 3:21 a.m. It's worth noting here that DEV-1084 refers to the same threat actor that assumed the "DarkBit" persona as part of a ransomware and extortion attack aimed at Technion, a leading research university in Israel, in February.
News URL
https://thehackernews.com/2023/04/iran-based-hackers-caught-carrying-out.html