The Iranian state-sponsored espionage group dubbed MuddyWater uses a previously unknown command-and-control (C2) framework called PhonyC2.
This framework has been put to use by the actor since 2021.
It is structurally and functionally similar to MuddyC3, a previous MuddleWater custom C2 framework that was written in Python 2, security researcher Simon Kenin said.
MuddyWater is continuously updating the PhONYC2 framework and changing TTPs to avoid detection.
Muddy Water, also known as Mango Sandstorm or Mango, is a cyber espionage group that’s known to operate on behalf of the Iran’s Ministry of Intelligence and Security since at least 2017.
The use of social engineering is a central component of Iranian APT tradecraft when engaging in cyber espionage and information operations, Kenin explained.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply