XLS and PDF files may carry MuddyWater’s new malware

The U.S. and British authorities have issued a warning about a spy group attacking targets worldwide through zip files. The group is called MuddyWater and is affiliated with Iranian intelligence, according to the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Cyber Command Cyber National Mission Force (CNMF) and the British National Cyber Security Centre (NCSC).

The group has targeted public and private organizations in various sectors, including telecom, defence, oil and gas, in Africa, Asia, Europe and North America. To attack these organizations, the group uses known vulnerabilities in Microsoft Exchange and spear phishing, among other things. In these targeted phishing lures, the group sends zip files. Each zip file contains either an Excel document with a malicious macro that installs malware once the user enables it, or a PDF document that attempts to install malware.

To counter attacks by the group, US and UK authorities recommend using application control software to limit which applications and code users can run. “Email attachments and files downloaded via links in emails often contain executable code,” the warning said. For that reason, organizations are also advised to disable hyperlinks in email entirely and to add a banner to emails from external senders.

Organizations are also advised to train users and to limit the use of administrative rights. “Users who browse the internet, use email, and execute code with administrative privileges are a significant target for spear phishing, as their system, once infected, allows attackers to move laterally through the network, providing additional access, and accessing highly sensitive information,” the alert said. The FBI, CISA, CNMF and the NCSC also provide various indicators of compromise in the advisory with which organizations can detect the malware within their networks.
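As an added example (not part of the advisory or of this article), the following Python triage check inspects a zip attachment in memory and flags the two lure types described above: an Excel workbook that carries a VBA project, and a PDF that declares scripted or launch actions. The sample archive, its file names and the token heuristics are constructed for illustration and are not indicators from the advisory.

```python
import io
import zipfile

# Heuristics for the two lure types in the advisory: an Excel document with a
# VBA macro, and a PDF that tries to run or drop something when opened.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"          # legacy .xls container
VBA_DIR_NAME = "_VBA_PROJECT".encode("utf-16-le")       # OLE directory names are UTF-16LE
PDF_ACTIVE_TOKENS = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/EmbeddedFile")

def excel_has_macro(data: bytes) -> bool:
    """True if an Excel payload carries a VBA project (legacy OLE or OOXML .xlsm)."""
    if data.startswith(OLE_MAGIC):
        return VBA_DIR_NAME in data
    if data.startswith(b"PK"):                           # OOXML workbook is itself a zip
        with zipfile.ZipFile(io.BytesIO(data)) as xl:
            return any(n.lower().endswith("vbaproject.bin") for n in xl.namelist())
    return False

def pdf_active_content(data: bytes) -> list[str]:
    """Return the action/script tokens present in a PDF (empty list when none)."""
    return [t.decode() for t in PDF_ACTIVE_TOKENS if t in data]

def triage_zip(archive: bytes) -> dict[str, str]:
    """Map each member of a zip attachment to a verdict string for the mail gateway log."""
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as z:
        for info in z.infolist():
            name, data = info.filename, z.read(info)
            low = name.lower()
            if low.endswith((".xls", ".xlsm", ".xlsx", ".xlam")):
                verdicts[name] = "excel-macro" if excel_has_macro(data) else "excel-clean"
            elif low.endswith(".pdf") or data.startswith(b"%PDF"):
                hits = pdf_active_content(data)
                verdicts[name] = "pdf-active:" + ",".join(hits) if hits else "pdf-clean"
            else:
                verdicts[name] = "other"
    return verdicts

def build_sample_archive() -> bytes:
    """Constructed sample: a macro-enabled workbook skeleton, a PDF with /OpenAction, a text file."""
    xlsm = io.BytesIO()
    with zipfile.ZipFile(xlsm, "w") as xl:
        xl.writestr("xl/workbook.xml", "<workbook/>")
        xl.writestr("xl/vbaProject.bin", b"\x00constructed-vba-stub")   # constructed marker
    pdf = b"%PDF-1.7\n1 0 obj << /Type /Catalog /OpenAction << /S /JavaScript /JS (app.alert(1)) >> >> endobj\n%%EOF"
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as z:
        z.writestr("invoice.xlsm", xlsm.getvalue())
        z.writestr("report.pdf", pdf)
        z.writestr("readme.txt", "plain text, nothing to flag")
    return out.getvalue()
```

Running `triage_zip(build_sample_archive())` yields an "excel-macro" verdict for the workbook and a "pdf-active" verdict listing the tokens found; a clean PDF or a workbook without `vbaProject.bin` is reported as clean.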

About the author: James Ramirez

As a former ⬛⬛⬛⬛⬛⬛ officer with a background in geopolitics and international relations, James Ramirez brings a unique perspective to the world of ⬛⬛⬛⬛⬛⬛⬛⬛ and intelligence.
