Prevailion’s Tailored Intelligence research team has identified fresh sources that pin a series of cyberattacks over the summer on an Iranian threat group known as Muddy Water. These attacks are believed to be an extension of the previously documented BlackWater campaign in April, which created a series of compromised systems.
The discovery of these compromises comes days after the Department of Homeland Security issued a bulletin warning of potential Iranian cyber attacks, and these campaigns reveal that Iranian-based threat actors are well-positioned to launch attacks at a moment’s notice.
One of the tactics used by Muddy Water throughout the summer capitalized on global interest in President Donald Trump’s Federal Reserve chairman nominee Stephen Moore. The threat actors distributed a document whose wording was taken from an April 23rd article in The New York Times referencing Moore; the document served as bait to install remote access trojans on the systems of unsuspecting victims. Moore later pulled his name from consideration.
The campaign’s roots were cultivated throughout the summer in an untold number of compromised systems. These dormant compromises are an ideal infrastructure from which threat actors like Muddy Water can launch future attacks.
Based on these findings, Prevailion’s team recommends that at-risk organizations take the following steps to protect themselves:
Karim Hijazi, who served as the director of intelligence of the cybersecurity firm Mandiant and now serves as CEO of the security firm Prevailion, said the hackers will likely have “gone to ground” at this point.
While threat actors like Cozy Bear and Fancy Bear get a lot of attention, there is another sophisticated crime actor that companies need to be watching out for. The group is called TA505 and it is believed to be […]
“This was the most pristine espionage effort, unlike anything we’ve seen in a very long time,” said Karim Hijazi, a former intelligence community contractor. “Everyone in the cybersecurity community is freaking out, because we don’t know where this could stop.”