Thursday, March 28, 2024

Cyber Espionage Campaign Possibly “MuddyWater” Targets Middle East and Central Asia

A new campaign with the similarities of MuddyWater spotted targetting organizations in Pakistan, Turkey, and Tajikistan. Attackers use various social engineering methods to trick the victims into enabling macros and activate payloads.

Security researchers from TrendMicro spotted the campaign says that “we can assume that there is a connection between these new attacks and the MuddyWater campaign”.

With this campaign, the attacker tries to impersonate government organizations of Tajikistan and the campaign uses similar obfuscation method as like MuddyWater.

In some lure documents payloads were directly embedded inside and some documents contain links that download the malicious payload.

Also Read Active Business Phishing Campaign Targeting Fortune 500 Companies to Steal Financial Assets

MuddyWater

One the payload executes it creates two malicious scripts in the ProgramData directory, obfuscated Visual Basic script(VBS_VALYRIA.DOCT) that executes the obfuscated PowerShell script(TROJ_VALYRIA.PS).

The Obfusticated PowerShell divided into three parts

1. Contains encryption keys and few websites that serve as proxies.
2. Second part the standard RSA encryption.
3. Contains the backdoor function. It communicates with the C&C server and can perform following actions such as clean, reboot, shutdown, screenshot, and upload.

The backdoor collects the infected machine information such as the Operating System name, architecture, domain, network adapter configuration, and username. Communication with C&C server done via XML messages.

Researchers said the attackers “are actively monitoring the incoming connections to the C&C. In one of our attempts, we sent an improper request to the C&C server, which replied with the following message: “Stop!!! I Kill You, Researcher.”

MuddyWater

How to stay safe – Business Phishing Campaign

1. Have a unique Email address.
2. Do not open any attachments without proper validation.
3. Don’t open emails voluntary emails.
4. Use Spam filters & Antispam gateways.
5. Never respond to any spam emails.
6. verify the vendor.
7. Implement Two-factor Authentication

Website

Latest articles

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...

ZENHAMMER – First Rowhammer Attack Impacting Zen-based AMD Platforms

Despite AMD's growing market share with Zen CPUs, Rowhammer attacks were absent due to...

Airbus to Acquire INFODAS to Strengthen its Cybersecurity Portfolio

Airbus Defence and Space plans to acquire INFODAS, a leading cybersecurity and IT solutions...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles