Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Iran-Backed MuddyWater's Latest Campaign Abuses Syncro Admin Tool
MuddyWater joins threat groups BatLoader and Luna Moth, which have also been using Syncro to take over devices.
1 Min Read
Source: Syncro
Iranian-backed threat group MuddyWater has switched up its tactics — it's now using remote administration tool Syncro to take over target devices.
Syncro is a full-featured remote access platform for managed service provider operations. The tool even offers a free 21-day trial.
Prior to this latest campaign, which researchers from Deep Instinct estimate began sometime in September, MuddyWater used a different legitimate remote administration tool called RemoteUtilities.
A new report from Deep Instinct details recent MuddyWater attacks on an Egyptian data hosting company, as well as the Israeli insurance and hospitality industries.
"MuddyWater is not the only actor abusing Syncro," the Deep Instinct team reported. "It has also been observed recently in BatLoader and Luna Moth campaigns."
Deep Instinct provides MuddyWater's indicators of compromise and advises security teams to monitor for abnormal remote desktop applications inside their organizations.
About the Author(s)
You May Also Like
More Insights
Webinars
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024
