11 Dec 17

Evolution of the MuddyWater Advanced Persistent Threat (APT)

Recently, experts at the Saudi National Cyber Security Centre (NCSC) published an alert regarding a second MuddyWater Advanced Persistent Threat (APT) attack.

The first was reported earlier this year, when the Saudi government was targeted in a cyber attack that used a Microsoft Word macro to deploy a malicious PowerShell script. The attack enabled the operators of the MuddyWater APT to conduct cyber espionage operations against the Saudi government. The malicious script communicated through compromised websites, using them as proxies to reach the command and control servers.

The subsequent attack differed subtly from the earlier one. It used a malicious Microsoft Word document that spawned PowerShell scripts, and it was spotted during a spear phishing campaign targeting the Kingdom. DarkMatter Malware Research Lab has analysed this second attack, highlighting the latest refinements and developments this APT actor has undergone since September.
