Attacks deployed by Iranian state-backed threat operation MuddyWater against Israel saw the utilization of the new MuddyC2Go command-and-control framework, which replaced the PhonyC2 custom platform following the exposure of its source code, reports The Hacker News. While MuddyWater continues to commence intrusions with spearphishing emails, the group has transitioned to using password-protected archives for deploying an executable, rather than a remote administration tool, which included a PowerShell script enabling automated linking to the MuddyC2Go server, according to a Deep Instinct report.
Source: SC Magazine