National Cyber Warfare Foundation (NCWF)

MuddyWater


2024-06-18 15:21:31
blscott


MITRE: G0069

MuddyWater is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS). Since at least 2017, MuddyWater has targeted a range of government and private organizations across sectors, including telecommunications, local government, defense, and oil and natural gas organizations, in the Middle East, Asia, Africa, Europe, and North America.

Alternate names: Earth Vetala, MERCURY, Static Kitten, Seedworm, TEMP.Zagros, Mango Sandstorm, TA450


MuddyWater is an advanced persistent threat (APT) that has been active since at least 2017, targeting organizations in various industries such as government agencies and defense contractors. It is believed to be linked to the Chinese military or a state-sponsored group due to its use of custom malware tools and tactics commonly used by APTs associated with China's intelligence services. MuddyWater has been known to steal sensitive information, including documents related to foreign policy discussions, diplomatic cables, and military plans. It is also capable of exfiltrating data from mobile devices through Bluetooth connections.

Techniques, tactics and practices:

MuddyWater is a highly sophisticated threat that employs various techniques to achieve its objectives. Some of these include:

1. Spear-phishing emails - sending targeted emails with malicious attachments or links, often disguised as legitimate messages from trustworthy sources such as government agencies or financial institutions.
2. Watering hole attacks - compromising websites that are frequently visited by the intended targets to infect them when they visit those sites.
3. Remote access tools (RATs) - using custom-built RATs, MuddyWater can gain persistent access to targeted systems and networks.
4. Bluetooth attacks - exploiting vulnerabilities in mobile devices' Bluetooth connections to exfiltrate data from compromised phones or tablets.
5. Custom malware tools - creating custom-built malware that is tailored to specific targets, making it more difficult


Alternate Group Names: ATK51, Boggy Serpens, COBALT ULSTER, Earth Vetala, G0069, MERCURY, Mango Sandstorm, Seedworm, Static Kitten, TA450, TEMP.Zagros

Alternative Names: TEMP.Zagros, Seedworm, Cobalt Ulster, SectorD02, MERCURY, Muddy Water, DarkBit, Mango Sandstorm, Boggy Serpens, ATK51, Static Kitten, Yellow Nix, POWERSTATS, NTSTATS, G0069






Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.