Iran cyberespionage group taps SimpleHelp for persistence on victim devices

Iranian APT group MuddyWater has been observed using SimpleHelp, a legitimate remote device control and management tool, to maintain persistence on victim devices. SimpleHelp itself has not been compromised; rather, the group downloads the tool from the official website and uses it in its attacks, according to a Group-IB blog post. The researchers also identified a previously unknown malware command-and-control infrastructure and a PowerShell script used by the group. MuddyWater has been active since 2017 and is generally believed to be a subordinate unit within Iran’s Ministry of Intelligence and Security (MOIS).

Read full article on CSO Online
