Monday, July 15, 2024
EHA

Cyber Espionage Campaign Possibly “MuddyWater” Targets Middle East and Central Asia

A new campaign with the similarities of MuddyWater spotted targetting organizations in Pakistan, Turkey, and Tajikistan. Attackers use various social engineering methods to trick the victims into enabling macros and activate payloads.

Security researchers from TrendMicro spotted the campaign says that “we can assume that there is a connection between these new attacks and the MuddyWater campaign”.

With this campaign, the attacker tries to impersonate government organizations of Tajikistan and the campaign uses similar obfuscation method as like MuddyWater.

In some lure documents payloads were directly embedded inside and some documents contain links that download the malicious payload.

Also Read Active Business Phishing Campaign Targeting Fortune 500 Companies to Steal Financial Assets

MuddyWater

One the payload executes it creates two malicious scripts in the ProgramData directory, obfuscated Visual Basic script(VBS_VALYRIA.DOCT) that executes the obfuscated PowerShell script(TROJ_VALYRIA.PS).

The Obfusticated PowerShell divided into three parts

1. Contains encryption keys and few websites that serve as proxies.
2. Second part the standard RSA encryption.
3. Contains the backdoor function. It communicates with the C&C server and can perform following actions such as clean, reboot, shutdown, screenshot, and upload.

The backdoor collects the infected machine information such as the Operating System name, architecture, domain, network adapter configuration, and username. Communication with C&C server done via XML messages.

Researchers said the attackers “are actively monitoring the incoming connections to the C&C. In one of our attempts, we sent an improper request to the C&C server, which replied with the following message: “Stop!!! I Kill You, Researcher.”

MuddyWater

How to stay safe – Business Phishing Campaign

1. Have a unique Email address.
2. Do not open any attachments without proper validation.
3. Don’t open emails voluntary emails.
4. Use Spam filters & Antispam gateways.
5. Never respond to any spam emails.
6. verify the vendor.
7. Implement Two-factor Authentication

Website

Latest articles

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...

GuardZoo Android Malware Attacking military personnel via WhatsApp To Steal Sensitive Data

A Houthi-aligned group has been deploying Android surveillanceware called GuardZoo since October 2019 to...

ViperSoftX Weaponizing AutoIt & CLR For Stealthy PowerShell Execution

ViperSoftX is an advanced malware that has become more complicated since its recognition in...

Malicious NuGet Campaign Tricking Developers To Inject Malicious Code

Hackers often target NuGet as it's a popular package manager for .NET, which developers...

Akira Ransomware Attacking Airline Industry With Legitimate Tools

Airlines often become the target of hackers as they contain sensitive personal and financial...

DarkGate Malware Exploiting Excel Files And SMB File Shares

DarkGate, a Malware-as-a-Service (MaaS) platform, experienced a surge in activity since September 2023, employing...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles