Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Sponsored By
Iran-Backed MuddyWater's Latest Campaign Abuses Syncro Admin ToolIran-Backed MuddyWater's Latest Campaign Abuses Syncro Admin Tool
MuddyWater joins threat groups BatLoader and Luna Moth, which have also been using Syncro to take over devices.
Dark Reading Staff
December 9, 2022
1 Min Read
Source: Syncro
Iranian-backed threat group MuddyWater has switched up its tactics — it's now using remote administration tool Syncro to take over target devices.
Syncro is a full-featured remote access platform for managed service provider operations. The tool even offers a free 21-day trial.
Prior to this latest campaign, which researchers from Deep Instinct estimate began sometime in September, MuddyWater used a different legitimate remote administration tool called RemoteUtilities.
A new report from Deep Instinct details recent MuddyWater attacks on an Egyptian data hosting company, as well as the Israeli insurance and hospitality industries.
"MuddyWater is not the only actor abusing Syncro," the Deep Instinct team reported. "It has also been observed recently in BatLoader and Luna Moth campaigns."
Deep Instinct provides MuddyWater's indicators of compromise and advises security teams to monitor for abnormal remote desktop applications inside their organizations.
About the Author(s)
More Insights
Webinars
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
Oct 26, 2023Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023
