Muddy Water Hacker Group Using Compromised Corporate Emails for Phishing

By Gagandeep Singh


Muddy Waters, a hacker group linked with the Ministry of Intelligence & security of Iran, used the compromised corporate emails for sending phishing messages to their targets.

A security firm, Deep Instintics, said that the campaign was spotted in October using the same tactics and used Legitimate remote tools.

in the 2020-21 campaigns, the group relied on ScreenConnect & Remote Utilities. (Remote remote administration tools).

Muddy waters used the same tactics but switched to Atera Agent! (Simon Kenin discovered the use of an Atera agent)

In a campaign in October, Muddy Water used Syncro. The hacker used HMTL.file to attach a link to download Syncro Installer.

The initial phishing emails were indeed sent from legitimate corporate email accounts that got compromised, & the Syncro installer was stored in Dropbox.

The company signatures were not on the phishing emails that the hacker group sent, but the target still trusted the email as a legitimate email as it came from an authentic address of the company.

Muddy Waters' methods are not modern. Yet the freely available software/tools can be an effective way for hacking practices.

Read the full story here.