MuddyWater is back with new techniques
Actor Report
Summary
MuddyWater's campaign used Dropbox links and document attachments containing URLs that redirect to ZIP archives as lures, and sent them from compromised corporate email accounts. Beyond the Remote Utilities and ScreenConnect installers previously bundled in those archives, the attackers have switched to the Atera Agent. The most recent updates to the campaign deliver the Syncro remote administration tool, which gives the attackers full control of the victim machine: reconnaissance, delivery of additional backdoors, and sale of the access to other actors. With a legitimate RMM agent in place, a threat actor has nearly unlimited options for accessing corporate machines.
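The common thread in the campaign described above is a legitimate RMM installer (Remote Utilities, ScreenConnect, Atera, Syncro) executed from a user-writable path right after a ZIP is opened, rather than deployed by IT under Program Files. The following hunt is an added example and is not code from the advisory: it parses constructed process-creation records (a simplified key=value format, not any real EDR schema) and flags RMM binaries launched from Downloads or Temp, or spawned by an archiver, Explorer, or another staged executable. The executable name patterns and the sample events are the author's assumptions and must be tuned to your own telemetry.

```python
"""Hunt for RMM installers launched from user staging paths.

Added example, not the advisory's own code. Executable name patterns are
assumptions about how these tools commonly appear on disk, not indicators
taken from the report.
"""
import re

# Constructed process-creation records for illustration only (not real hosts).
SAMPLE_EVENTS = [
    r'ts=2023-01-10T09:12:03Z host=WS01 user=acme\jdoe parent="C:\Windows\explorer.exe" image="C:\Users\jdoe\Downloads\Invoice_2023\Invoice.exe"',
    r'ts=2023-01-10T09:12:41Z host=WS01 user=acme\jdoe parent="C:\Users\jdoe\Downloads\Invoice_2023\Invoice.exe" image="C:\Users\jdoe\AppData\Local\Temp\ScreenConnect.ClientSetup.exe"',
    r'ts=2023-01-10T10:02:11Z host=WS02 user=acme\it-admin parent="C:\Windows\System32\services.exe" image="C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"',
    r'ts=2023-01-10T10:30:57Z host=WS03 user=acme\msmith parent="C:\Program Files\7-Zip\7zFM.exe" image="C:\Users\msmith\Downloads\Syncro.Installer.exe"',
    r'ts=2023-01-10T11:00:00Z host=WS04 user=acme\rlee parent="C:\Windows\explorer.exe" image="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"',
]

# key=value tokens; values may be double-quoted (paths with spaces) or bare.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumed on-disk names of the RMM tools named in the advisory (tune locally).
RMM_TOOLS = {
    "Remote Utilities": re.compile(r"\\(rutserv|rfusclient|remote_utilities[^\\]*)\.exe$", re.I),
    "ScreenConnect":    re.compile(r"\\screenconnect[^\\]*\.exe$", re.I),
    "Atera":            re.compile(r"\\ateraagent[^\\]*\.exe$", re.I),
    "Syncro":           re.compile(r"\\syncro[^\\]*\.exe$", re.I),
}
# User-writable locations where a ZIP payload typically lands after extraction.
STAGING_DIR = re.compile(r"^[a-z]:\\users\\[^\\]+\\(downloads|appdata\\local\\temp)\\", re.I)
# Parents that indicate a user just opened an archive or double-clicked a file.
ARCHIVERS = re.compile(r"\\(7zfm|7zg|winrar|winzip\d*|explorer)\.exe$", re.I)


def parse_event(line):
    """Turn one key=value record into a dict (quoted values win over bare)."""
    return {k: (q if q else u) for k, q, u in KV_RE.findall(line)}


def identify_rmm(image):
    """Return the RMM product name an image path matches, or None."""
    for name, pattern in RMM_TOOLS.items():
        if pattern.search(image):
            return name
    return None


def hunt(lines):
    """Return findings for RMM binaries that look user-delivered, not IT-deployed."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        image, parent = ev.get("image", ""), ev.get("parent", "")
        tool = identify_rmm(image)
        if tool is None:
            continue
        reasons = []
        if STAGING_DIR.match(image):
            reasons.append("RMM binary run from user staging directory")
        if ARCHIVERS.search(parent) or STAGING_DIR.match(parent):
            reasons.append("spawned by archiver/explorer or by a staged executable")
        # An agent under Program Files started by services.exe has no reasons
        # and is skipped: that is what a managed deployment looks like.
        if reasons:
            findings.append({"ts": ev.get("ts"), "host": ev.get("host"),
                             "user": ev.get("user"), "tool": tool,
                             "image": image, "parent": parent, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f['ts']} {f['host']} {f['user']}: {f['tool']} <- {f['parent']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

The hunt deliberately ignores the Atera agent running under Program Files as a service child, so that a sanctioned deployment does not drown the signal; in an environment that does not license one of these products at all, the `identify_rmm` hit alone is worth an alert regardless of path.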