
""The campaign was characterized by a high-touch social engineering phase conducted via Microsoft Teams, where the attackers utilized interactive screen-sharing to harvest credentials and manipulate multi-factor authentication (MFA).""
""Once inside, the group bypassed traditional ransomware workflows, forgoing file encryption in favor of data exfiltration and long-term persistence via remote management tools like DWAgent.""
""The findings indicate that MuddyWater is attempting to muddy attribution efforts by increasingly relying on off-the-shelf tools available in the cybercrime underground to conduct its attacks.""
MuddyWater, an Iranian state-sponsored hacking group, has been linked to a ransomware attack characterized as a 'false flag' operation. The attackers gained initial access through social engineering over Microsoft Teams, and the intrusion at first appeared to be a ransomware-as-a-service operation. It was, however, a targeted state-backed attack focused on data exfiltration and long-term persistence rather than file encryption. By relying on off-the-shelf tools from the cybercrime underground, the group makes attribution harder. This is not the first ransomware attack attributed to MuddyWater, which has a history of targeting organizations with destructive capabilities.
Read at The Hacker News