MuddyWater, an Iranian-backed threat group, has changed its strategy and is now employing the remote administration tool Syncro to take control of target machines.
Syncro is a fully functional remote access platform used by managed service providers, and the tool is even available as a 21-day free trial.
Before this latest campaign, which researchers from Deep Instinct believe started sometime in September, MuddyWater had employed a different legitimate remote administration tool, RemoteUtilities.
A new Deep Instinct report details MuddyWater attacks on an Egyptian data hosting company and on the Israeli hospitality and insurance industries.