The Iranian cybercrime group MuddyWater used legitimate companies’ emails in phishing attacks, Deep Instinct reported in its recent blog post, "New MuddyWater Threat: Old Kitten; New Tricks." The attackers tried to install malicious remote administration software on recipients’ systems by sending spam links as HTML attachments, a tactic to evade email security solutions.
Since 2017, the group has targeted private and government organizations in various sectors across Europe, North America, the Middle East, Asia, and Africa, but it switches its modus operandi for each attack to hide its signature.
However, all of its activities center on phishing attacks. The group uses email and remote administration tools to scam businesses and people. This time, MuddyWater used Syncro, a remote administration tool for Managed Service Providers (MSPs). In its previous operations, it relied on RemoteUtilities and ScreenConnect.