🇮🇷

MuddyWater

Also known as: Mango Sandstorm, Mercury, Static Kitten, TEMP.Zagros

Iranian MOIS. Targets Middle East, Central/South Asia.

Origin: Iran
Targets: government, telecom, energy, defence

Associated Intelligence

Iranian APT Targets Tech

A recent report by Unit 42 details the activities of an Iranian APT group, known as Screening Serpens, which has been targeting the tech and defense sectors. The group has been using AppDomainManager hijacking and new RAT variants to conduct espionage campaigns. Organizations in these sectors should be vigilant and take measures to protect themselves from these threats.

22/5/2026 · Medium

Iran's Cyber Attack Expands

Iran's cyber offensive has expanded to include fuel tank breaches, potentially disrupting fuel supplies. The breaches are attributed to insecure automatic tank gauge (ATG) systems exposed on the Internet. Organizations with ATG systems should review their security controls to prevent similar attacks.

18/5/2026 · Medium

Iranian Hackers Target Electronics Maker

Iranian hacking group MuddyWater has launched a cyber-espionage campaign targeting high-profile organizations

13/5/2026 · Medium

Iranian Spies Pose as Ransomware Gang

Iranian state-sponsored group MuddyWater is disguising itself as a ransomware gang to target enterprises, primarily in the US, Western countries, APAC, and the Middle East, with the goal of stealing data rather than encrypting it. Organizations with strategic intelligence value are at risk, and the attackers use social engineering and remote management tools to gain long-term persistence. To mitigate the threat, organizations should be cautious of suspicious messaging platform activity and prioritize incident response.

6/5/2026 · Medium

MuddyWater Uses Chaos Ransomware Decoy

MuddyWater hackers, allegedly from Iran, have been using Chaos ransomware as a decoy in their attacks, primarily targeting organizations through Microsoft Teams social engineering tactics. The goal is to establish persistence and gain access to sensitive data. Affected organizations should review their Microsoft Teams security and monitor for suspicious activity.

6/5/2026 · Medium

Iranian APT Disguises Attack

An Iranian Advanced Persistent Threat (APT) group, likely MuddyWater, has been observed conducting an intrusion that masquerades as a Chaos ransomware attack. The attack combines social engineering, persistence, credential harvesting, and data theft, potentially affecting organizations worldwide. To mitigate the threat, organizations should enhance their security measures, including employee education and monitoring for suspicious activity.

6/5/2026 · High

Iranian APT Actors Target US Infrastructure

Six US government agencies have issued a critical advisory warning of potential cyberattacks by Iranian-affiliated Advanced Persistent Threat (APT) actors on US

21/4/2026 · High

UAE Organizations Breached

Iran-linked group Handala claims to have breached three major UAE organizations, including Dubai Courts, Dubai Land Department, and Dubai Roads & Transport Authority, potentially affecting sensitive data. The breach allegedly resulted in the destruction of 6 petabytes of data and theft of 149 TB of data. Organizations in the UAE should be vigilant and review their security measures.

13/4/2026 · High

Exposed Rockwell PLCs Vulnerable

Researchers have discovered 5,219 exposed Rockwell PLCs online, primarily in the US, which are vulnerable to attacks by Iranian APTs.

11/4/2026 · High

Iranian Hackers Target US Industrial Devices

Iranian-linked hackers have targeted US critical infrastructure networks, exposing nearly 4,000 industrial devices to potential cyberattacks. The affected devices are primarily programmable logic controllers (PLCs) manufactured by Rockwell Automation. Users of these devices should take immediate action to secure their networks and devices.

10/4/2026 · High

Iran-Linked Hackers Target ICS

The US government has warned that Iran-linked hackers are targeting Industrial Control Systems (ICS) in critical infrastructure, potentially causing disruption. This affects organizations operating in critical infrastructure sectors. Immediate action is

10/4/2026 · High

Iran-Linked Group Targets US Infrastructure

An Iran-affiliated threat group, known as CyberAv3ngers, has been targeting US critical infrastructure sectors, including water, energy, and government facilities, by

9/4/2026 · High