Novel C2 tool leveraged in latest MuddyWater attacks
Iranian state-backed threat operation MuddyWater, also known as TA450, Mango Sandstorm, and Boggy Sandstorm, leveraged the novel DarkBeatC2 command-and-control infrastructure tool as part of its latest attack campaign, The Hacker News reports.

According to a report from Deep Instinct, the intrusions used a compromised email account belonging to Israeli educational institution Kinneratacil to send spearphishing emails carrying Egnyte-hosted attachments, which in turn deployed the Atera Agent remote administration software. Kinneratacil had been breached in an earlier attack by Lord Nemesis, also known as TunnelVision and Nemesis Kitten, against third-party provider Rashim, indicating that other Rashim customers could have been subjected to a similar campaign.

Meanwhile, MuddyWater used DarkBeatC2 to manage infected endpoints, establishing a C2 connection over which additional PowerShell scripts were retrieved. "While occasionally switching to a new remote administration tool or changing their C2 framework, MuddyWater's methods remain constant," said researcher Simon Kenin.

The development follows a report from Palo Alto Networks Unit 42 detailing attacks on the aerospace and defense sectors by Iranian state-sponsored group APT33, also known as Peach Sandstorm, Elfin, Refined Kitten, and Curious Serpens, which distributed the FalseFont backdoor.