Iranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across Africa
Dec 19, 2023
Cyber Espionage / Cyber Attack
The Iranian nation-state actor known as MuddyWater has leveraged a newly discovered command-and-control (C2) framework called MuddyC2Go in its attacks on the telecommunications sector in Egypt, Sudan, and Tanzania. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under the name Seedworm, which is also tracked under the monikers Boggy Serpens, Cobalt Ulster, Earth Vetala, ITG17, Mango Sandstorm (formerly Mercury), Static Kitten, TEMP.Zagros, and Yellow Nix. Active since at least 2017, MuddyWater is assessed to be affiliated with Iran's Ministry of Intelligence and Security (MOIS), primarily singling out entities in the Middle East. The cyber espionage group's use of MuddyC2Go was first highlighted by Deep Instinct last month, describing it as a Golang-based replacement for PhonyC2 , itself a successor to MuddyC3. However, there is evidence to suggest that it may have been employed as early as 2020. While the full extent of MuddyC2Go'