Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks
The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent attack campaign, shifting away from its well-known tactic of deploying legitimate remote monitoring and management software for maintaining persistent access.
"Compared to previous campaigns, this time MuddyWater changed their infection chain and did not rely on the legitimate Atera remote monitoring and management tool as a validator," Sekoia said in a report shared with The Hacker News.
MuddyWater is a state-sponsored threat actor that's assessed to be affiliated with Iran's Ministry of Intelligence and Security.
Cyber attacks mounted by the group have been fairly consistent, leveraging spear-phishing lures in email messages to deliver various RMM tools like Atera Agent, RemoteUtilities, ScreenConnect, SimpleHelp, and Syncro.
"MuddyWater places a high priority on gaining access to business email accounts as part of their ongoing attack campaigns," the French cybersecurity firm noted at the time.
"The increased activity of MuddyWater in the Middle East, particularly in Israel, highlights the persistent nature of these threat actors, who continue to operate against a wide variety of targets in the region," Check Point said.
News URL
https://thehackernews.com/2024/07/iranian-hackers-deploy-new-bugsleep.html