Iran-Backed MuddyWater's Latest Campaign Abuses Syncro Admin ToolIran-Backed MuddyWater's Latest Campaign Abuses Syncro Admin Tool
MuddyWater joins threat groups BatLoader and Luna Moth, which have also been using Syncro to take over devices.
December 9, 2022
Iranian-backed threat group MuddyWater has switched up its tactics — it's now using remote administration tool Syncro to take over target devices.
Syncro is a full-featured remote access platform for managed service provider operations. The tool even offers a free 21-day trial.
Prior to this latest campaign, which researchers from Deep Instinct estimate began sometime in September, MuddyWater used a different legitimate remote administration tool called RemoteUtilities.
A new report from Deep Instinct details recent MuddyWater attacks on an Egyptian data hosting company, as well as the Israeli insurance and hospitality industries.
"MuddyWater is not the only actor abusing Syncro," the Deep Instinct team reported. "It has also been observed recently in BatLoader and Luna Moth campaigns."
Deep Instinct provides MuddyWater's indicators of compromise and advises security teams to monitor for abnormal remote desktop applications inside their organizations.
About the Author(s)
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023