The Iranian nation-state actor MuddyWater has been using a new command-and-control (C2) framework called MuddyC2Go in cyber espionage attacks on the telecommunications sector in Egypt, Sudan, and Tanzania. The activity, also tracked as Seedworm, involves a Golang-based tool that replaces PhonyC2 and MuddyC3. MuddyWater, linked to Iran’s Ministry of Intelligence and Security, has been active since at least 2017, primarily targeting entities in the Middle East. The attacks use SimpleHelp, Venom Proxy, a custom keylogger, and other publicly available tools, with the aim of evading detection and achieving strategic objectives. The latest intrusions occurred in November 2023. Symantec recommends that organizations be vigilant for suspicious use of PowerShell on their networks.