Information Security News mailing list archives

Researchers uncover new MuddyWater targeting of government, telecommunications entities


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 7 Jun 2019 07:39:54 +0000 (UTC)

https://www.cyberscoop.com/muddywater-tajikstan-clearsky/

By Sean Lyngaas
CYBERSCOOP
June 6, 2019

Undeterred by the reported dumping of its data online, an Iran-linked hacking group has been using malicious documents and files to target telecommunications organizations and impersonate government entities in Iraq, Pakistan, and Tajikistan, researchers said Thursday.

The so-called MuddyWater group has been carrying out attacks in two stages against the targets, according to research published by Israeli company ClearSky Cyber Security. The first stage uses lure documents to exploit a known vulnerability in Microsoft Office that allows for remote code execution. The second stage lets the attackers communicate with hacked servers to download an infected file.

"This is the first time MuddyWater has used these two vectors in conjunction," ClearSky said in its research, which warned that just three antivirus engines were detecting the malicious documents analyzed.

In one example, a document disguised as a United Nations development plan for Tajikistan was actually packed with malware. The malware was uploaded to VirusTotal, the malware-analysis platform, from Tajikistan, according to ClearSky.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_

