Network Security, Threat Intelligence

Latest MuddyWater attacks involve novel BugSleep backdoor

System hacked warning alert on laptop computer. Cyber attack on computer network, virus, spyware, malware or malicious software. Cyber security and cybercrime concept. System security technology (3)

Sliver malware spread by SimpleHelp RMM exploits. (Adobe Stock)

BleepingComputer reports that Iranian state-sponsored threat operation MuddyWater, also known as Seedworm, Static Kitten, Earth Vetala, and MERCURY, has partially replaced remote management tools with the novel custom BugSleep malware to achieve persistent network access in attacks against several organizations in different sectors across various countries, including Israel, India, Saudi Arabia, Turkey, and Portugal.

Intrusions involved the delivery of phishing emails purporting to be webinar or online course invitations with a link, which would redirect to archives with malicious Egnyte-hosted payloads, as well as a custom malware loader facilitating the injection of several BugSleep variants to Microsoft OneDrive, AnyDesk, and other legitimate software, according to an analysis from Check Point Research. "We discovered several versions of the malware being distributed, with differences between each version showing improvements and bug fixes (and sometimes creating new bugs). These updates, occurring within short intervals between samples, suggest a trial-and-error approach," said researchers.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Related

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Bastion HostBerkeley Internet Name Domain (BIND)Border Gateway Protocol (BGP)BridgeBusiness Email Compromise (BEC)Domain NameDumpSecDumpster DivingPassword CrackingReconnaissance

You can skip this ad in 5 seconds