CyberSecurityBoard
Sponsor Register Login

Iranian Hackers Attack Telecom Companies Using Custom Tools

The telecommunications companies in Egypt, Sudan, and Tanzania have been the target of the Iranian espionage group Seedworm, which is known as Muddywater.
The attack took place in November 2023, and the attackers used a range of tools, including the recently found and published MuddyC2Go infrastructure by Deep Instinct.
Along with other publicly accessible and living-off-the-land tools, the attackers also use a custom keylogging tool, the SimpleHelp remote access tool, and Venom Proxy, which have been linked to Seedworm activities in the past.
The attacks in this campaign, which targeted one specific telecom company, took place in November 2023.
The initial indications of malicious behavior were certain PowerShell executions connected to the MuddyC2Go backdoor.
The variables at the initial stage of the code seem to be there merely to try and evade detection by security software because they are irrelevant and unutilized.
Immediately following this execution, the attackers used a previously established scheduled task to launch the MuddyC2Go malware.
The attackers employed a few standard instructions associated with the Impacket WMIExec hack tool.
Utilizing the SimpleHelp remote access tool, a connection was made to the C&C server at 146.70.124[.]102. Additional PowerShell stager execution took place concurrently with the attacker running the Revsocks tool.
On the same computer as Revsocks and SimpleHelp, the attackers also used AnyDesk, a second authorized remote access application.
MuddyC2Go-related PowerShell executions also took place on the same system.
It is speculated that the attackers utilized WMI to initiate the SimpleHelp installer on the victim network earlier in 2023.
Although this behavior could not be linked to Seedworm at the time, it seems that the same group of attackers was responsible for the earlier activity.
In another incident, the attackers additionally employed a new custom keylogger, and they also executed a customized build of the Venom Proxy hack tool on this network.
For persistence on victim machines, SimpleHelp, a reliable remote device control and administration application, is used in this activity.
Other tools used in this activity include Revsocks, AnyDesk, PowerShell, and Custom keylogger.
This emphasizes how important it is for businesses to be alert to any unusual PowerShell usage on their networks.


This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 20 Dec 2023 13:40:05 +0000


Cyber News related to Iranian Hackers Attack Telecom Companies Using Custom Tools

8 Tips on Leveraging AI Tools Without Compromising Security - Forecasts like the Nielsen Norman Group estimating that AI tools may improve an employee's productivity by 66% have companies everywhere wanting to leverage these tools immediately. How can companies employ these powerful AI/ML tools without ...
1 year ago Darkreading.com
Microsoft: Iranian hackers target researchers with new MediaPl malware - Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. The attackers, a ...
11 months ago Bleepingcomputer.com
HackersEra Launches Telecom Penetration Testing to Eliminate Cyber Threats - Cybercriminals have attacked telecom infrastructure, particularly as it shifts to an IP-based design with the introduction of Long-Term Evolution networks, also referred to as LTE or 4G. Persistent attackers could spy on users' cellular networks and ...
1 year ago Cysecurity.news
Check Point Research Report: Shift in Cyber Warfare Tactics - Highlights: Shift in Cyber Warfare Focus: Recent developments in cyber warfare reveal a shift in the activities of Iranian hacktivist proxies. Initially concentrated on Israel, these groups are now extending their cyber operations to include targets ...
1 year ago Blog.checkpoint.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Iranian Hackers Attack Telecom Companies Using Custom Tools - The telecommunications companies in Egypt, Sudan, and Tanzania have been the target of the Iranian espionage group Seedworm, which is known as Muddywater. The attack took place in November 2023, and the attackers used a range of tools, including the ...
1 year ago Cybersecuritynews.com
The Dangers of Remote Management & Monitoring Tools for Cybersecurity - Remote monitoring and management (RMM) tools are used by business organizations to manage and monitor their enterprise IT infrastructure from a central location. However, the increasing sophistication of hackers and cybercriminals has caused both ...
1 year ago Csoonline.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
Cybersecurity funding in 2024: Survival of the financially fittest - Attacker tactics, techniques, and procedures always evolve, which means companies will need new cybersecurity tools with improved capabilities. Cybersecurity startups raised massive rounds of funding with sometimes exorbitant valuations. ...
11 months ago Scmagazine.com
Microsoft: Hackers target defense firms with new FalseFont malware - Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide. The DIB sector targeted in these attacks comprises over 100,000 defense companies and ...
1 year ago Bleepingcomputer.com
Cybercriminals expand targeting of Iranian bank customers with known mobile malware - Researchers have uncovered more than 200 fake mobile apps that mimic major Iranian banks to steal information from their customers. The campaign was first discovered in July of this year, but since then, the cybercriminals have expanded their ...
1 year ago Therecord.media
ICS at Multiple US Water Facilities Targeted by Hackers Affiliated With Iranian Government - The hackers behind recent cyberattacks targeting industrial control systems at water facilities in the US are affiliated with the Iranian government, according to security agencies in the United States and Israel. The FBI, CISA, the NSA, the EPA and ...
1 year ago Securityweek.com
Cyberattack Targets Albanian Parliament's Data System, Halting Its Work - Albania's Parliament said on Tuesday that it had suffered a cyberattack with hackers trying to get into its data system, resulting in a temporary halt in its services. It said the system's services would resume at a later time. Local media reported ...
11 months ago Securityweek.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)