Hackers Exploiting Legitimate RMM Tools With BugSleep Malware

Since October 2023, MuddyWater, which is an Iranian threat group linked to MOIS, has escalated its phishing campaigns in Middle East countries, specifically Israel.

In their approach, they use already compromised email accounts to spread malicious content across various sectors.

Predawn churning of curd formed overnight using fresh cow milk. Made freshly in small batches.

Recent attacks have featured generic, English-language lures such as webinar invitations, which promote reuse on a wider scale.

Cybersecurity researchers at CheckPoint recently identified that MuddyWater hackers have been deploying legitimate RMM with BugSleep malware.

Hackers Exploiting RMM Tools

The BugSleep is a custom backdoor that uses legitimate Remote Management Tools (RMMs).

Their strategies are becoming more sophisticated with customized lures for certain industries and Malicious files hosted on legitimate file-sharing services like Egnyte that show how adaptable they can be while keeping their MuddyWater signatures intact.

MuddyWater new infection chain (Source – CheckPoint)

MuddyWater, a hacker group, is said to have been using Egnyte subdomains for cyber attacks involving phishing and aimed at various industries in different countries.

They have also introduced new BugSleep malware to replace certain legal uses of remote monitoring and management (RMM) tools.

Notable phishing campaigns (Source – CheckPoint)

BugSleep applies evasion techniques, encrypts communications, and can carry out multiple commands from its C&C server.

The malware has signs of ongoing development including different versions and some coding inconsistencies while using process injection for persistence, scheduled tasks, and attempts to evade EDR solutions.

Due to these implementation lapses, BugSleep poses a significant threat, especially for organizations based in Israel, Turkey, Saudi Arabia, India, and Portugal, which may have connections to operations conducted in Azerbaijan and Jordan.

Map of targeted countries (Source – CheckPoint)

The group’s enhanced phishing campaigns have been encouraged by the introduction of BugSleep.

Besides this, MuddyWater’s increased activity in the Middle East, especially in Israel, demonstrates their persistence and evolving tactics, researchers said.

Targeting diverse sectors like municipalities, airlines, and media, the group has simplified its lures, shifting from highly customized to generic themes in English. 

This alteration will enable broader regional impact rather than specific targeting with more attacks in volume, indicating their strategy adjustment.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

Tushar Subhra

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…

1 day ago

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…

2 days ago

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…

2 days ago

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…

2 days ago

Raspberry Robin Employs TOR Network For C2 Servers Communication

Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…

2 days ago

145,000 ICS Systems, Thousands of HMIs Exposed to Cyber Attacks

Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report…

2 days ago