Iran-Backed MuddyWater's Latest Campaign Abuses Syncro Admin Tool

Published: 23/11/2024   Category: security


MuddyWater joins threat groups BatLoader and Luna Moth, which have also been using Syncro to take over devices.



Iranian-backed threat group MuddyWater has switched up its tactics — it's now using remote administration tool Syncro to take over target devices.
Syncro is a full-featured remote access platform for managed service provider operations. The tool even offers a free 21-day trial.
Prior to this latest campaign, which researchers from Deep Instinct estimate began sometime in September, MuddyWater used a different legitimate remote administration tool called RemoteUtilities.
A new report from Deep Instinct details recent MuddyWater attacks on an Egyptian data hosting company, as well as the Israeli insurance and hospitality industries.
MuddyWater is not the only actor abusing Syncro, the Deep Instinct team reported. The tool has also been observed recently in BatLoader and Luna Moth campaigns.
Deep Instinct provides MuddyWater's indicators of compromise and advises security teams to monitor for abnormal remote desktop applications inside their organizations.
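
One way to act on that monitoring advice, as an added example (not code from Deep Instinct or from this article): flag remote administration tools in a software inventory that are not on the organization's approved list. The inventory records, the `ExampleRMM` product and the host groups are constructed for illustration, and matching on product-name keywords is an assumption.

```python
"""Flag remote administration tools that are not approved for the host's group."""
from dataclasses import dataclass

# Product-name keywords for the tools named in the article, plus a hypothetical
# sanctioned tool. Keyword matching is an assumption; extend the map to cover
# the remote-access products relevant to your environment.
RMM_KEYWORDS = {
    "syncro": "Syncro",
    "remote utilities": "RemoteUtilities",
    "remoteutilities": "RemoteUtilities",
    "examplermm": "ExampleRMM",  # hypothetical approved tool
}

# Hypothetical allowlist: (tool, host group) pairs sanctioned by IT.
APPROVED = {("ExampleRMM", "helpdesk")}

@dataclass(frozen=True)
class Install:
    host: str
    group: str
    product: str  # product name as reported by software inventory

def classify(product):
    """Return the remote-admin tool a product name maps to, or None."""
    name = product.lower()
    for keyword, tool in RMM_KEYWORDS.items():
        if keyword in name:
            return tool
    return None

def unapproved_rmm(inventory):
    """Return sorted (host, tool) pairs for remote-admin tools outside the allowlist."""
    findings = []
    for rec in inventory:
        tool = classify(rec.product)
        # A sanctioned tool is still a finding when it appears in another group.
        if tool and (tool, rec.group) not in APPROVED:
            findings.append((rec.host, tool))
    return sorted(findings)

# Constructed sample inventory (not real data).
SAMPLE = [
    Install("hd-01", "helpdesk", "ExampleRMM Agent 4.2"),
    Install("fin-07", "finance", "Syncro"),
    Install("fin-07", "finance", "7-Zip 22.01"),
    Install("web-02", "hosting", "Remote Utilities - Host"),
    Install("hr-03", "hr", "ExampleRMM Agent 4.2"),
]

if __name__ == "__main__":
    for host, tool in unapproved_rmm(SAMPLE):
        print(f"{host}: unapproved remote administration tool: {tool}")
```
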
