top of page
  • Clipeus

Iran-Nexus Muddywater Targets Telcoms In Africa



Symantec reports an espionage campaign targeting the telecommunication sector in Egypt, Sudan and Tanzania. The events have been attributed to the Iranian state-sponsored threat actor Muddywater.


According to the report, investigation of these events revealed a malicious dynamic link library (DLL) consistent with the MuddyC2Go launcher which executes a PowerShell script which, in turn, enables connection to the command-and-control.


Once achieved foothold, the attackers downloaded a large set of hacking tools including Impacket WMIExec, remote access tools such as SimpleHelp and AnyDesk, and Venom, a proxy typically used in penetration testing. Additionally, investigators identified instances of RevSocks being installed on the compromised systems potentially to evade detection of malicious traffic.

Recent Posts

See All

AcidPour Wiper Targets Linux Devices in Ukraine

A new iteration of the AcidRain wiper malware, dubbed AcidPour, has been identified by SentinelOne's threat intelligence division, SentinelLabs. AcidRain, linked to Russian military intelligence, gain

Comments


Commenting has been turned off.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you

bottom of page