CyberSecurityBoard
Sponsor Register Login

Iranian Hackers Attack Telecom Companies Using Custom Tools

The telecommunications companies in Egypt, Sudan, and Tanzania have been the target of the Iranian espionage group Seedworm, which is known as Muddywater.
The attack took place in November 2023, and the attackers used a range of tools, including the recently found and published MuddyC2Go infrastructure by Deep Instinct.
Along with other publicly accessible and living-off-the-land tools, the attackers also use a custom keylogging tool, the SimpleHelp remote access tool, and Venom Proxy, which have been linked to Seedworm activities in the past.
The attacks in this campaign, which targeted one specific telecom company, took place in November 2023.
The initial indications of malicious behavior were certain PowerShell executions connected to the MuddyC2Go backdoor.
The variables at the initial stage of the code seem to be there merely to try and evade detection by security software because they are irrelevant and unutilized.
Immediately following this execution, the attackers used a previously established scheduled task to launch the MuddyC2Go malware.
The attackers employed a few standard instructions associated with the Impacket WMIExec hack tool.
Utilizing the SimpleHelp remote access tool, a connection was made to the C&C server at 146.70.124[.]102. Additional PowerShell stager execution took place concurrently with the attacker running the Revsocks tool.
On the same computer as Revsocks and SimpleHelp, the attackers also used AnyDesk, a second authorized remote access application.
MuddyC2Go-related PowerShell executions also took place on the same system.
It is speculated that the attackers utilized WMI to initiate the SimpleHelp installer on the victim network earlier in 2023.
Although this behavior could not be linked to Seedworm at the time, it seems that the same group of attackers was responsible for the earlier activity.
In another incident, the attackers additionally employed a new custom keylogger, and they also executed a customized build of the Venom Proxy hack tool on this network.
For persistence on victim machines, SimpleHelp, a reliable remote device control and administration application, is used in this activity.
Other tools used in this activity include Revsocks, AnyDesk, PowerShell, and Custom keylogger.
This emphasizes how important it is for businesses to be alert to any unusual PowerShell usage on their networks.


This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 20 Dec 2023 13:40:05 +0000


Cyber News related to Iranian Hackers Attack Telecom Companies Using Custom Tools

8 Tips on Leveraging AI Tools Without Compromising Security - Forecasts like the Nielsen Norman Group estimating that AI tools may improve an employee's productivity by 66% have companies everywhere wanting to leverage these tools immediately. How can companies employ these powerful AI/ML tools without ...
7 months ago Darkreading.com
Microsoft: Iranian hackers target researchers with new MediaPl malware - Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. The attackers, a ...
5 months ago Bleepingcomputer.com
HackersEra Launches Telecom Penetration Testing to Eliminate Cyber Threats - Cybercriminals have attacked telecom infrastructure, particularly as it shifts to an IP-based design with the introduction of Long-Term Evolution networks, also referred to as LTE or 4G. Persistent attackers could spy on users' cellular networks and ...
6 months ago Cysecurity.news
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
7 months ago Esecurityplanet.com
Check Point Research Report: Shift in Cyber Warfare Tactics - Highlights: Shift in Cyber Warfare Focus: Recent developments in cyber warfare reveal a shift in the activities of Iranian hacktivist proxies. Initially concentrated on Israel, these groups are now extending their cyber operations to include targets ...
7 months ago Blog.checkpoint.com
Iranian Hackers Attack Telecom Companies Using Custom Tools - The telecommunications companies in Egypt, Sudan, and Tanzania have been the target of the Iranian espionage group Seedworm, which is known as Muddywater. The attack took place in November 2023, and the attackers used a range of tools, including the ...
6 months ago Cybersecuritynews.com
The Dangers of Remote Management & Monitoring Tools for Cybersecurity - Remote monitoring and management (RMM) tools are used by business organizations to manage and monitor their enterprise IT infrastructure from a central location. However, the increasing sophistication of hackers and cybercriminals has caused both ...
1 year ago Csoonline.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
2 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
2 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
2 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
2 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
2 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
2 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
2 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
2 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
2 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
2 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
2 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
2 months ago Cybersecurity-insiders.com
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
1 year ago Trendmicro.com
Cybersecurity funding in 2024: Survival of the financially fittest - Attacker tactics, techniques, and procedures always evolve, which means companies will need new cybersecurity tools with improved capabilities. Cybersecurity startups raised massive rounds of funding with sometimes exorbitant valuations. ...
6 months ago Scmagazine.com
Microsoft: Hackers target defense firms with new FalseFont malware - Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide. The DIB sector targeted in these attacks comprises over 100,000 defense companies and ...
6 months ago Bleepingcomputer.com
Cybercriminals expand targeting of Iranian bank customers with known mobile malware - Researchers have uncovered more than 200 fake mobile apps that mimic major Iranian banks to steal information from their customers. The campaign was first discovered in July of this year, but since then, the cybercriminals have expanded their ...
7 months ago Therecord.media
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
1 year ago Hackread.com
SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022 - MSSPs took the lead in cybersecurity M&A in 2022 with twice as many deals as in 2021. An analysis conducted by SecurityWeek shows that more than 450 cybersecurity-related mergers and acquisitions were announced in 2022. In 2022, we tracked a total of ...
1 year ago Securityweek.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)