Telecommunications firms in Egypt, Tanzania, and Sudan were attacked last month by the Iranian state-sponsored threat operation MuddyWater, reports The Record, a news site run by cybersecurity firm Recorded Future.
MuddyWater leveraged several tools to facilitate the attacks, including the new MuddyC2Go toolset and its PowerShell launcher for malware deployment; the SimpleHelp remote management software for persistent access to compromised devices and command execution; and the Venom Proxy software for managing intranet-connected devices, according to a report from Symantec. The intrusions mark the first time MuddyWater has set its sights on Africa and were likely conducted as espionage operations amid the ongoing conflict between Israel and the Palestinian militant group Hamas, which also involves Egypt, said Symantec threat intelligence analyst Marc Elias. "The targeted country that most stood out was Egypt, which has a border with Gaza and Israel and is quite involved in the ongoing war," Elias added.
Malicious emails posing as invoices and carrying ZIP attachments have been used to trigger the execution of a DLL retrieved over WebDAV, which in turn loads the updated Strela Stealer variant.
Pro-Russian hacktivist operations Killnet and Passion have used Dstat.cc to advertise their DDoS capabilities, with Passion touting its ability to launch both Layer 4 and Layer 7 attacks, according to Germany's Federal Criminal Police Office, the BKA.
Play, Qilin, Medusa, and LockBit — which was the dominant ransomware operation in 2022 and 2023 before being subjected to law enforcement crackdowns this year — completed the top five, according to an analysis from Check Point.