Summer Mirage: How an Iranian-based Group Prepped for Future Cyber Attacks


Prevailion’s Tailored Intelligence research team has identified fresh sources that pin a series of cyberattacks over the summer on an Iranian threat group known as Muddy Water. These attacks are believed to be an extension of the previously documented BlackWater campaign in April, which left behind a series of compromised systems.

The discovery of these compromises comes days after the Department of Homeland Security issued a bulletin warning of potential Iranian cyberattacks, and these campaigns reveal that Iranian-based threat actors are well-positioned to launch attacks at a moment’s notice.

One of the tactics used by Muddy Water throughout the summer capitalized on global interest in President Donald Trump’s Federal Reserve chairman nominee Stephen Moore. The threat actors distributed a document with wording sourced from an April 23rd article in The New York Times referencing Moore, which was used as bait to install remote trojans on unsuspecting victims’ systems. Moore later pulled his name from consideration.

The campaign’s roots were cultivated throughout the summer in an untold number of compromised systems. These dormant compromises are an ideal infrastructure from which threat actors like Muddy Water can launch future attacks. 

Based on these findings, Prevailion’s team recommends that at-risk organizations take the following steps to protect themselves:

  • Update and properly configure endpoint antivirus solutions
  • Review and/or configure organization-wide email filters
  • Ensure employees do not enable macros in documents received from untrusted sources

