https://www.cyberscoop.com/muddywater-tajikstan-clearsky/
By Sean Lyngaas
CYBERSCOOP
June 6, 2019

Undeterred by the reported dumping of its data online, an Iran-linked
hacking group has been using malicious documents and files to target
telecommunications organizations and impersonate government entities in
Iraq, Pakistan, and Tajikistan, researchers said Thursday.

The so-called MuddyWater group has been carrying out attacks in two stages
against the targets, according to research published by Israeli company
ClearSky Cyber Security. The first stage uses lure documents to exploit a
known vulnerability in Microsoft Office that allows for remote code
execution. The second stage lets the attackers communicate with hacked
servers to download an infected file.

"This is the first time MuddyWater has used these two vectors in
conjunction," ClearSky said in its research, which warned that just three
antivirus engines were detecting the malicious documents analyzed.

In one example, a document disguised as a United Nations development plan
for Tajikistan was actually packed with malware. The malware was uploaded
to VirusTotal, the malware-analysis platform, from Tajikistan, according
to ClearSky.

[...]