Last updated on July 28th, 2022 at 01:21 am
Iranian state-backed MuddyWater threat actors have been associated with a new offensive campaign targeting Turkey and the Arabian Peninsula to plant remote access trojans (RATs) on compromised systems.
It has been determined that the campaign is a continuation of the November 2021 MuddyWater campaign, which targets Turkish private and government institutions with PowerShell-based backdoors for information gathering and espionage activities. To not be the target of this and similar malware campaigns, it is important to ignore e-mail attachments and links from unknown people, not to download files or programs from unknown sources, and conduct attack surface analyses at regular intervals. Also, It is recommended to raise awareness of institution/organization personnel against possible phishing / social engineering attacks and block detected IoC findings related to the campaign from security devices in use.