Compared to previous campaigns, this time MuddyWater changed their infection chain and did not rely on the legitimate Atera remote monitoring and management tool (RMM) as a validator... Instead, we observed that they used a new and undocumented implant.
MuddyWater places a high priority on gaining access to business email accounts as part of their ongoing attack campaigns... These compromised accounts serve as valuable resources, enabling the group to enhance the cre.
[Collection]