MuddyWater targets Israeli organizations by exploiting unpatched log4j vulnerabilities

Threat Level

Attack Report

For a detailed threat advisory, download the pdf file here

Summary

MuddyWater, an Iranian threat actor, exploits Log4j two vulnerabilities in SysAid applications to target Israeli organizations. As soon as the attacker gains access to the targeted organization, it establishes persistence, dumps credentials, and moves laterally within the organization using both custom and well-known hacking tools and operating system tools.