MuddyWater Cyber Alert issued by CISA

1324

United States Cybersecurity and Infrastructure Security Agency has issued a warning against Iranian Intelligence backed hacking group dubbed MuddyWater. And as per the warning, the group filled with Advanced Persistent Threat (APT) actors is reportedly conducting espionage on critical infrastructure operating in Asia, Africa, Europe and North America and was found mostly targeting industries from telecommunications, defense, local government and oil & natural gas.

CISA claims that MuddyWater also known with other names Earth Vetla, Mercury, Static Kitten, Seedworm and TEMP.Zagros has been found providing stolen data and computer network accesses to both Iranian government and other threat groups since 2018 and is being funded by the Iranian Ministry of Intelligence and Security (MOIS).

As per the study conducted by CISA in association with FBI and NCSC, APT actors is capable of side loading DLLS and will force legitimate programs run malware/backdoor access and will also C2 functions take place on a victimized computer by obfuscating PowerShell Scripts.

Moving to the other cyber alert issued by CISA, threat actors are seen exploiting vulnerabilities on Zabbix Servers. Technically speaking, Zabbix is open source software that is available to monitor servers, computer networks, VMs and Cloud components.

And was recently detected in a security analysis that the susceptibility could allow remote code execution with root privileges.

Ukrainian Computer Emergency Response Team (CERT) that has been away from action on a temporary note because of the war between Russia and Ukraine published a warning a couple of weeks back leaving Zabbix servers with two vulnerabilities that are expected to be fixed by March 8th,2022.

Ad
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display