Security News > 2023 > November > MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel
Iranian nation-state actors have been observed using a previously undocumented command-and-control framework called MuddyC2Go as part of attacks targeting Israel.
The tool has been attributed to MuddyWater, an Iranian state-sponsored hacking crew that's affiliated to the country's Ministry of Intelligence and Security.
The cybersecurity firm said the C2 framework may have been put to use by the threat actor since early 2020, with recent attacks leveraging it in place of PhonyC2, another custom C2 platform from MuddyWater that came to light in June 2023 and has had its source code leaked.
MuddyWater's modus operandi has since received a facelift, using password-protected archives to evade email security solutions and distributing an executable instead of a remote administration tool.
The MuddyC2Go server, in return, sends a PowerShell script, which runs every 10 seconds and waits for further commands from the operator.
While the full extent of MuddyC2Go's features are unknown, it's suspected to be a framework that's responsible for generating PowerShell payloads in order to conduct post-exploitation activities.
News URL
https://thehackernews.com/2023/11/muddyc2go-new-c2-framework-iranian.html
Related news
- Iranian hackers charged for ‘hack-and-leak’ plot to influence election (source)
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- Iranian hackers act as brokers selling critical infrastructure access (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)