MuddyWater Phishing Campaign Targets Global Organizations
Cyber Security News by CyberSum.net
Researchers at Group-IB have uncovered a new phishing campaign by the MuddyWater threat actor, targeting governmental and international organizations across multiple regions. The campaign uses the Phoenix backdoor v4, a new FakeUpdate injector, and a custom credential stealer disguised as a calculator. The attackers use compromised email accounts and legitimate VPN services to evade detection and establish persistent access. The campaign begins with phishing emails sent from the compromised accounts; the attached documents carry malicious macros that execute the Phoenix backdoor. The backdoor registers the compromised host with a C2 server, giving the attacker full control of the host. The campaign's targets include diplomatic, humanitarian, and energy-sector entities.
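The article describes the initial-access chain as a macro in a phished document launching a backdoor that then registers with a C2 server. The detection sketch below is an added example and is not from the article, Group-IB, or any named tool: it scans constructed process-creation and network-connection records for an Office application spawning a scripting tool or an executable from a user-writable directory, then correlates those children with outbound connections. The record shapes (modelled on Sysmon Event ID 1 and 3 fields), host names, paths, and the binary lists are assumptions; the IP addresses are from documentation ranges and are not indicators from the article.

```python
from dataclasses import dataclass
from typing import Iterable, List

# Office binaries that should rarely spawn scripting or staging tools (assumed list).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Interpreters and living-off-the-land binaries a macro commonly launches (assumed list).
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}

# User-writable locations: an Office app launching an EXE from here is unusual.
USER_WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass(frozen=True)
class ProcessEvent:
    """One process-creation record (assumed shape, mirrors Sysmon Event ID 1 fields)."""
    host: str
    parent_image: str
    image: str
    command_line: str


@dataclass(frozen=True)
class NetworkEvent:
    """One outbound-connection record (assumed shape, mirrors Sysmon Event ID 3 fields)."""
    host: str
    image: str
    dest_ip: str
    dest_port: int


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_macro_spawn(ev: ProcessEvent) -> bool:
    """True when an Office process starts a scripting tool or an EXE in user-writable space."""
    if basename(ev.parent_image) not in OFFICE_PARENTS:
        return False
    if basename(ev.image) in SUSPICIOUS_CHILDREN:
        return True
    return any(hint in ev.image.lower() for hint in USER_WRITABLE_HINTS)


def find_macro_spawns(events: Iterable[ProcessEvent]) -> List[ProcessEvent]:
    """Every process-creation record that matches the macro-spawn rule."""
    return [ev for ev in events if is_macro_spawn(ev)]


def correlate_beacons(spawns: Iterable[ProcessEvent],
                      net_events: Iterable[NetworkEvent]) -> List[str]:
    """Hosts where a macro-spawned process also makes an outbound connection
    (the 'register with C2' step); returns one summary string per match."""
    spawned = {(s.host, basename(s.image)) for s in spawns}
    return [
        f"{n.host}: {basename(n.image)} -> {n.dest_ip}:{n.dest_port}"
        for n in net_events
        if (n.host, basename(n.image)) in spawned
    ]


# Constructed sample telemetry (not from the article); hosts and paths are made up.
SAMPLE_PROCESS_EVENTS = [
    ProcessEvent("WS-042", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Windows\System32\cmd.exe", "cmd.exe /c placeholder-stager.cmd"),
    ProcessEvent("WS-042", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Users\analyst\AppData\Local\Temp\update.exe", "update.exe"),
    ProcessEvent("WS-017", r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
                 r"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe", "Acrobat.exe"),
    ProcessEvent("WS-099", r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "powershell.exe"),
    ProcessEvent("WS-017", r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
                 r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "WINWORD.EXE /n"),
]

SAMPLE_NETWORK_EVENTS = [
    NetworkEvent("WS-042", r"C:\Users\analyst\AppData\Local\Temp\update.exe", "203.0.113.10", 443),
    NetworkEvent("WS-099", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "198.51.100.5", 443),
]


if __name__ == "__main__":
    spawns = find_macro_spawns(SAMPLE_PROCESS_EVENTS)
    for s in spawns:
        print(f"macro spawn on {s.host}: {basename(s.parent_image)} -> {basename(s.image)}")
    for line in correlate_beacons(spawns, SAMPLE_NETWORK_EVENTS):
        print("possible C2 registration:", line)
```

On the sample data the rule fires twice on WS-042 (Word launching cmd.exe, and Word launching an EXE from the user's Temp folder) and stays silent on Excel launching Acrobat, on Explorer launching PowerShell, and on Outlook launching Word; only the Temp-folder executable also appears in the network events, so that is the one flagged as a possible C2 registration. The path heuristic is deliberately broad and will need tuning per environment.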