Iranian Actors Attack Israeli Entities with New Backdoor MuddyViper and Charming Kitten Revelations

Threat actors linked to the Iranian state have launched a new series of attacks against Israeli entities in various sectors, deploying a previously undocumented backdoor known as MuddyViper. The activity has been attributed to MuddyWater (also known as Mango Sandstorm or TA450), a hacking group allegedly affiliated with Iran’s Ministry of Intelligence and Security (MOIS). The attacks targeted not only Israel but also a technology company based in Egypt. Affected sectors in Israel include academia, engineering, local government, manufacturing, technology, transportation and public services. ...

December 2, 2025 · Comfidentia

RomCom Uses SocGholish to Distribute Mythic Agent in Attack on Engineering Company

Threat actors linked to the RomCom group have been observed using the SocGholish JavaScript loader to deliver the Mythic Agent to a US-based civil engineering company. This event marks the first time that a RomCom payload distributed through SocGholish has been detected. The attack has been attributed with medium-high confidence to Unit 29155 of the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). The targeted entity is a company that had previously worked for a city with close ties to Ukraine. ...

November 26, 2025 · Comfidentia