MuddyWater: Iran-Backed Threat Group’s Latest Campaign Abuses Syncro Admin Tool

The Iran-sponsored cyber threat group MuddyWater has altered its tactics: it is now using Syncro, a remote administration tool, to gain control of target devices.

What is Syncro? 

Syncro is an integrated, easy-to-use remote access platform that provides remote monitoring and management (RMM) and task automation, aimed at helping users set up, run, and grow their managed service provider (MSP) operations.

Syncro’s unified and customizable platform also covers business operations, with integrated invoicing, billing, contract management, automated remediation, and more, so that users can focus on generating revenue. Additionally, the tool offers users a 21-day trial.

Prior to its most recent campaign, which researchers from Deep Instinct estimate started sometime in September, MuddyWater had employed a separate legitimate remote administration tool, named RemoteUtilities.  

The latest report by Deep Instinct details MuddyWater attacks that recently took place on an Egyptian data hosting company, as well as on the Israeli insurance and hospitality industries.

"MuddyWater is not the only actor abusing Syncro […] It has also been observed recently in BatLoader and Luna Moth campaigns," the Deep Instinct team stated in the report. 

MuddyWater thus joins the actors behind the BatLoader and Luna Moth campaigns, which have also been using Syncro to take control of devices.

Deep Instinct, which provided MuddyWater's indicators of compromise, cautions security teams to keep an eye out for unusual remote desktop apps inside their organisations.
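One way to act on that advice, as an added example that is not from Deep Instinct's report or the original post: a check over a software inventory that flags the two tools named above on hosts where they are not approved. The host names, inventory rows, allowlist and name-matching patterns are all constructed assumptions.

```python
import re

# Tools named in the article. The regexes are assumptions about how each
# product shows up in a software inventory's display-name field.
WATCHED_RMM = {
    "Syncro": re.compile(r"\bsyncro", re.IGNORECASE),
    "RemoteUtilities": re.compile(r"\bremote[\s_-]*utilities", re.IGNORECASE),
}

# Constructed allowlist: tool -> hosts where IT has approved it.
APPROVED = {"RemoteUtilities": {"HELPDESK-01"}}

# Constructed inventory rows: (host, installed product display name).
INVENTORY = [
    ("HELPDESK-01", "Remote Utilities - Host"),
    ("FIN-LAPTOP-07", "Syncro"),
    ("FIN-LAPTOP-07", "Mozilla Firefox"),
    ("HR-DESK-12", "RemoteUtilities Host"),
    ("DEV-WS-03", "Asyncro Toolkit"),  # must not match: no word boundary
]

def classify(product_name):
    """Return the watched tool a display name belongs to, or None."""
    for tool, pattern in WATCHED_RMM.items():
        if pattern.search(product_name):
            return tool
    return None

def find_unapproved_rmm(inventory, approved):
    """Flag watched RMM tools on hosts where they are not approved."""
    findings = []
    for host, product in inventory:
        tool = classify(product)
        if tool is None or host.upper() in approved.get(tool, set()):
            continue
        # Approved nowhere in the organisation is the stronger signal.
        severity = "medium" if approved.get(tool) else "high"
        findings.append({"host": host, "tool": tool,
                         "product": product, "severity": severity})
    return sorted(findings, key=lambda f: (f["severity"], f["host"]))

if __name__ == "__main__":
    for f in find_unapproved_rmm(INVENTORY, APPROVED):
        print(f"[{f['severity']}] {f['host']}: {f['product']} ({f['tool']})")
```

A legitimate RMM tool is only "unusual" relative to what the organisation has sanctioned, so the allowlist is kept per host rather than per tool.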
