Iran-Backed MuddyWater's Latest Campaign Abuses Syncro Admin Tool

MuddyWater joins threat groups BatLoader and Luna Moth, which have also been using Syncro to take over devices.

Dark Reading Staff, Dark Reading

December 9, 2022

1 Min Read
screen shot of syncro homepage
Source: Syncro

Iranian-backed threat group MuddyWater has switched up its tactics — it's now using remote administration tool Syncro to take over target devices.

Syncro is a full-featured remote access platform for managed service provider operations. The tool even offers a free 21-day trial.

Prior to this latest campaign, which researchers from Deep Instinct estimate began sometime in September, MuddyWater used a different legitimate remote administration tool called RemoteUtilities.

A new report from Deep Instinct details recent MuddyWater attacks on an Egyptian data hosting company, as well as the Israeli insurance and hospitality industries.

"MuddyWater is not the only actor abusing Syncro," the Deep Instinct team reported. "It has also been observed recently in BatLoader and Luna Moth campaigns."

Deep Instinct provides MuddyWater's indicators of compromise and advises security teams to monitor for abnormal remote desktop applications inside their organizations.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights