https://bit.ly/3SDOVXl - 🕵️ Deep Instinct's Threat Research team has uncovered a new Command and Control (C2) framework, dubbed MuddyC2Go, believed to be used by the Iranian APT group MuddyWater. This C2 framework, written in Go, has possibly been active since 2020, replacing the group's earlier framework, PhonyC2. The discovery of MuddyC2Go highlights the evolving tactics of cyber threat actors. #MuddyC2Go #CyberSecurity #APT #IranianCyberThreats 🔍 The shift from PhonyC2 to MuddyC2Go was identified through anomalies in IP addresses previously associated with MuddyWater, revealing new behaviors and tactics. Deep Instinct's findings suggest a strategic evolution in MuddyWater's operations, highlighting the need for continuous monitoring and analysis of cyber threat actors' methodologies. #CyberThreatIntelligence #DeepInstinct #CyberAttackTrends 💻 Recent MuddyWater activities using MuddyC2Go involve spear-phishing emails with password-protected archives containing executables. These executables run embedded PowerShell scripts that connect to MuddyC2Go servers, indicating a move towards more sophisticated and automated attack methods. #SpearPhishing #Malware #CyberDefense 🌍 Deep Instinct's research has linked attacks using MuddyC2Go to various geographic locations, including a Jordanian company, an Iraqi telecommunications provider, and potential targets in Israel during the recent conflict. This geographical spread underscores the global reach and potential impact of MuddyWater's cyber operations. #GlobalCyberThreats #InfoSec #GeopoliticalCyberRisks 📡 In their investigation, Deep Instinct traced the MuddyC2Go framework back to 2020 and identified multiple IP addresses linked to MuddyWater's operations. These findings are supported by reports from other security firms, further validating the ongoing and evolving threat posed by this APT group. #CyberThreatResearch #IPAnalysis #CyberSecurityAwareness 🔗 The MuddyC2Go framework is challenging to fingerprint due to its generic appearance, similar to other web applications written in Go. However, unique URL patterns generated by the framework have helped Deep Instinct identify past attacks. This demonstrates the importance of detailed analysis in cybersecurity threat identification. #CyberForensics #ThreatHunting #CyberAnalysis 🛡️ Deep Instinct recommends disabling PowerShell if it's not needed or closely monitoring its activity if enabled, as PowerShell is a key component of MuddyWater's operations. The team's ongoing research and monitoring of MuddyC2Go servers provide vital insights for the cybersecurity community in combatting such threats.