
MuddyWater has been spotted targeting two Israeli entities

November 3, 2023

Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, and Static Kitten) is targeting Israeli entities in a new spear-phishing campaign, Deep Instinct’s Threat Research team reported. The phishing messages were aimed at deploying a legitimate remote administration tool called Advanced Monitoring Agent. This is the first time that the Iranian APT has employed N-able’s remote monitoring software. The experts observed the threat actors targeting two Israeli organizations.

“On October 30th Deep Instinct identified two archives hosted on ‘Storyblok’ containing a new multi-stage infection vector,” reads the report published by Deep Instinct. “It contains hidden files, an LNK file that initiates the infection, and an executable file designed to unhide a decoy document while executing Advanced Monitoring Agent, a remote administration tool.”

Read More on Security Affairs