C2 Framework | Breaking Cybersecurity News | The Hacker News

The Iranian threat actor known as MuddyWater has been attributed to a new command-and-control (C2) infrastructure called  DarkBeatC2 , becoming the latest such tool in its arsenal after  SimpleHarm ,  MuddyC3, PhonyC2 , and  MuddyC2Go . "While occasionally switching to a new remote administration tool or changing their C2 framework, MuddyWater's methods remain constant," Deep Instinct security researcher Simon Kenin  said  in a technical report published last week. MuddyWater, also called Boggy Serpens, Mango Sandstorm, and TA450, is assessed to be affiliated with Iran's Ministry of Intelligence and Security (MOIS). It's known to be active since at least 2017, orchestrating spear-phishing attacks that lead to the deployment of various legitimate Remote Monitoring and Management (RMM) solutions on compromised systems. Prior findings from Microsoft show that the group has ties with another Iranian threat activity cluster tracked as  Storm-1084  ...

Iranian nation-state actors have been observed using a previously undocumented command-and-control (C2) framework called  MuddyC2Go  as part of  attacks targeting Israel . "The framework's web component is written in the Go programming language," Deep Instinct security researcher Simon Kenin  said  in a technical report published Wednesday. The tool has been attributed to  MuddyWater , an  Iranian   state-sponsored   hacking   crew  that's affiliated to the country's Ministry of Intelligence and Security (MOIS). The cybersecurity firm said the C2 framework may have been put to use by the threat actor since early 2020, with recent attacks leveraging it in place of PhonyC2 , another custom C2 platform from MuddyWater that came to light in June 2023 and has had its source code leaked. Typical attack sequences observed over the years have involved sending spear-phishing emails bearing malware-laced archives or bogus links that lea...

The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider's storage security controls and default settings. "In just the past few months, I have witnessed two different methods for executing a ransomware attack using nothing but legitimate cloud security features," warns Brandon Evans, security consultant and SANS Certified Instructor. Halcyon disclosed an attack campaign that leveraged one of Amazon S3's native encryption mechanisms, SSE-C, to encrypt each of the target buckets. A few months prior, security consultant Chris Farris demonstrated how attackers could perform a similar attack using a different AWS security feature, KMS keys with external key material, using simple scripts generated by ChatGPT. "Clearly, this topic is top-of-mind for both threat actors and ...