Iran-Backed MuddyWater's Latest Campaign Abuses Syncro Admin Tool

Published: 23/11/2024   Category: security


MuddyWater joins threat groups BatLoader and Luna Moth, which have also been using Syncro to take over devices.



Iranian-backed threat group MuddyWater has switched up its tactics: it's now using the remote administration tool Syncro to take over target devices.
Syncro is a full-featured remote access platform for managed service provider operations. The tool even offers a free 21-day trial.
Prior to this latest campaign, which researchers from Deep Instinct estimate began sometime in September, MuddyWater used a different legitimate remote administration tool called RemoteUtilities.
A new report from Deep Instinct details recent MuddyWater attacks on an Egyptian data hosting company, as well as the Israeli insurance and hospitality industries.
MuddyWater is not the only actor abusing Syncro, the Deep Instinct team reported. The tool has also been observed recently in BatLoader and Luna Moth campaigns.
Deep Instinct provides MuddyWater's indicators of compromise and advises security teams to monitor for abnormal remote desktop applications inside their organizations.
