Security News > 2024 > July > Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks

The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent attack campaign, shifting away from its well-known tactic of deploying legitimate remote monitoring and management software for maintaining persistent access.

"Compared to previous campaigns, this time MuddyWater changed their infection chain and did not rely on the legitimate Atera remote monitoring and management tool as a validator," Sekoia said in a report shared with The Hacker News.

MuddyWater is a state-sponsored threat actor that's assessed to be affiliated with Iran's Ministry of Intelligence and Security.

Cyber attacks mounted by the group have been fairly consistent, leveraging spear-phishing lures in email messages to deliver various RMM tools like Atera Agent, RemoteUtilities, ScreenConnect, SimpleHelp, and Syncro.

"MuddyWater places a high priority on gaining access to business email accounts as part of their ongoing attack campaigns," the French cybersecurity firm noted at the time.

"The increased activity of MuddyWater in the Middle East, particularly in Israel, highlights the persistent nature of these threat actors, who continue to operate against a wide variety of targets in the region," Check Point said.

News URL

https://thehackernews.com/2024/07/iranian-hackers-deploy-new-bugsleep.html