Iranian hackers lurked in Middle Eastern govt network for 8 months
The Iranian hacking group tracked as MuddyWater breached at least twelve computers belonging to a Middle Eastern government network and maintained access for eight months between February and September 2023.
The attacks observed by Symantec began on February 1, 2023, and involved a wide assortment of malware, tools, and malicious activity that lasted for 8 months.
On February 5, the attackers compromised a second computer in the network and used a masqueraded version of Plink to configure RDP access.
On September 1, the attackers compromised three more computers, using certutil to download Plink on them, and ran Wireshark commands on the second web server to capture network and USB traffic packets.
Activity on the second web server continued until September 9, 2023, with the attackers executing an unknown PowerShell script and mounting and unmounting network shares.