We discovered a new campaign targeting organizations in Turkey, Pakistan and Tajikistan that has some similarities with an earlier campaign named MuddyWater, which hit various industries in several countries, primarily in the Middle East and Central Asia.
Third-party security researchers named the MuddyWater campaign as such because of the difficulties in attributing the attacks.
However, given the nature of the targets, as well as the gathering and uploading of information to C&C servers, it appears that the attackers are mainly concerned with espionage activities. Saudi Arabia’s National Cyber Security Center (NCSC) published an alert on its website regarding the attacks.
Given the number of similarities, we can assume that there is a connection between these new attacks and the MuddyWater campaign. It also signifies that the attackers are not merely interested in a one-off campaign, but will likely continue to perform cyberespionage activities against the targeted countries and industries.
Comparing the earlier MuddyWater campaign with this new one reveals some distinct similarities…