
"The APT deployed a new backdoor dubbed Dindoor on the networks of the software supplier's Israeli branch, the US bank, and the Canadian NGO. The backdoor is signed with a certificate issued for 'Amy Cherne'. The APT also attempted to exfiltrate data from the software company's Israeli branch."
"Broadcom's cybersecurity team also discovered a Python backdoor dubbed Fakeset on the networks of a US airport and a non-profit organization, also signed with an Amy Cherne certificate and with a certificate issued for 'Donald Gay', which was used in previous MuddyWater attacks as well."
"While it's not known if the operations of Seedworm are disrupted by the current conflict, already having a presence on U.S. and Israeli networks prior to the current hostilities beginning means the threat group is in a potentially dangerous position to launch attacks."
MuddyWater, an Iranian APT active since 2017, has infiltrated multiple US organizations, including an aerospace and defense contractor, a bank, an airport, and an NGO, as well as entities in Canada and Israel. The threat actor deployed two new backdoors: Dindoor on the networks of a software supplier's Israeli branch, a US bank, and a Canadian NGO; and Fakeset on a US airport and a non-profit organization. Dindoor was signed with a certificate issued for 'Amy Cherne'; Fakeset was signed with an 'Amy Cherne' certificate and with a 'Donald Gay' certificate that had appeared in earlier MuddyWater attacks. The activity intensified following recent US and Israeli military strikes on Iran. While the observed activity has been disrupted, other organizations remain vulnerable to compromise.
Read at SecurityWeek