MuddyWater, an Iranian threat actor, is using the legitimate remote support software SimpleHelp to commandeer targeted systems.
The group has been active since 2017, with targets including Turkey, Pakistan, the U.A.E., Iraq, Israel, Saudi Arabia, Jordan, the U.S., Azerbaijan, and Afghanistan.
They use spear-phishing messages with malicious links to distribute the SimpleHelp samples and deploy the Ligolo reverse tunneling tool and a credential harvester.
Microsoft recently revealed the group’s modus operandi of carrying out destructive attacks on hybrid environments.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply