
Kaspersky Lab said the digital weapons used by the Middle East cyber-espionage group known as MuddyWater reveal attempts to point the finger at Chinese, Russian, Turkish and Saudi threat groups through "false flags", in order to mislead security researchers and the authorities concerned.
In an in-depth analysis of MuddyWater's digital arsenal, Kaspersky Lab said the group is an advanced threat actor that first appeared in 2017. In October 2018, the company reported a major operation by MuddyWater targeting government and telecommunications entities in Saudi Arabia, Iraq, Jordan, Lebanon and Turkey, as well as Azerbaijan, Afghanistan and Pakistan.
The malicious tools and infrastructure uncovered during the investigation into this operation show how the actor tried to confuse and distract investigators and security experts, as well as a series of operational security failures that eventually led to the collapse of this deceptive approach.
In the first public report on what happens to MuddyWater's victims after the initial infection, Kaspersky Lab researchers were able to identify the various deception tactics used by the attackers. These included the use of Chinese and Russian strings in the malicious code, Turkish file names, and attempts to impersonate the Saudi Arabian RXR group.
The attackers appeared to be well equipped to achieve their objectives. Most of the malware detected was relatively simple, disposable, Python- and PowerShell-based tooling developed mainly by the group itself, which seemed to give the attackers the flexibility to adapt the toolkit to each target.
"The continued ability of MuddyWater to enhance its attacks to adapt to the changing geopolitical landscape in the Middle East has made it a strong competitor that continues to grow," said Mohammed Amin Hasbini, head of Kaspersky Lab's Middle East team. "We expect this disruptive group to continue to evolve, acquire more tools, and perhaps even gain the ability to launch attacks without waiting, through unknown software gaps. However, the multiple operational errors revealed weaknesses they were experiencing and provided investigators with paths that led to their access to important information."
Kaspersky Lab intends to continue monitoring the activities of the MuddyWater group. Details of the group's latest activity are available in a Kaspersky Lab Threat Intelligence report, which includes indicators of compromise and YARA rules to assist forensic investigation and malware hunting.