New C2 Framework Iranian Hackers Using Against Israel

10-11-2023

Iranian nation-state actors have been observed using a previously undocumented command-and-control (C2) framework called MuddyC2Go as part of attacks targeting Israel.

“The framework’s web component is written in the Go programming language,” Deep Instinct security researcher Simon Kenin said in a technical report published Wednesday.

The tool has been attributed to MuddyWater, an Iranian state-sponsored hacking crew affiliated with the country's Ministry of Intelligence and Security (MOIS).

The installation of the remote administration software paves the way for the delivery of additional payloads, including PhonyC2.

While the full extent of MuddyC2Go's features is unknown, it's suspected to be a framework responsible for generating PowerShell payloads in order to conduct post-exploitation activities.

“We recommend disabling PowerShell if it is not needed,” Kenin said. “If it is enabled, we recommend close monitoring of PowerShell activity.”
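The monitoring the researcher recommends can be switched on with the same registry values that the PowerShell Group Policy settings write. The script below is an added example, not code from the article or from Deep Instinct's report; it enables Script Block Logging, Module Logging and transcription, then scans the last week of Microsoft-Windows-PowerShell/Operational event 4104 records for a few generic loader patterns. The pattern list and the transcript directory C:\PSTranscripts are assumptions chosen for illustration; the page describes no MuddyC2Go payload, so nothing here is a signature for it. Run it in an elevated PowerShell session.

```powershell
# Added example (not from the original article or Deep Instinct's report).
# Enables PowerShell logging via the policy registry keys, then hunts the
# Operational log for script blocks that match generic loader indicators.
# The indicator strings and the transcript path are assumptions for illustration.

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# 1. Script Block Logging: every executed script block is written as event ID 4104
New-Item -Path "$base\ScriptBlockLogging" -Force | Out-Null
Set-ItemProperty -Path "$base\ScriptBlockLogging" -Name EnableScriptBlockLogging -Type DWord -Value 1

# 2. Module Logging for all modules: pipeline execution details as event ID 4103
New-Item -Path "$base\ModuleLogging\ModuleNames" -Force | Out-Null
Set-ItemProperty -Path "$base\ModuleLogging" -Name EnableModuleLogging -Type DWord -Value 1
Set-ItemProperty -Path "$base\ModuleLogging\ModuleNames" -Name '*' -Value '*'

# 3. Transcription of every session to a directory defenders control (assumed path)
New-Item -Path "$base\Transcription" -Force | Out-Null
Set-ItemProperty -Path "$base\Transcription" -Name EnableTranscripting -Type DWord -Value 1
Set-ItemProperty -Path "$base\Transcription" -Name OutputDirectory -Value 'C:\PSTranscripts'

# 4. Hunt: review the last 7 days of 4104 events for generic loader behaviour.
#    These patterns are assumptions, not MuddyC2Go indicators.
$patterns = @(
    '-EncodedCommand', '-enc ',            # base64-wrapped command lines
    'FromBase64String',                    # inline decoding of an embedded payload
    'DownloadString', 'Invoke-WebRequest', # fetching a second stage over HTTP
    'Invoke-Expression', 'IEX ',           # executing a string as code
    '-WindowStyle Hidden', '-nop'          # stealth and no-profile flags
)
$regex = ($patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

foreach ($e in $events) {
    # For 4104, Properties[2] holds the script block text and Properties[4] the script path (may be empty)
    $text = [string]$e.Properties[2].Value
    if ($text -match $regex) {
        $flat = $text -replace '\s+', ' '
        [pscustomobject]@{
            Time    = $e.TimeCreated
            Path    = $e.Properties[4].Value
            Snippet = $flat.Substring(0, [Math]::Min(120, $flat.Length))
        }
    }
}
```

Script Block Logging records the de-obfuscated block at execution time, so an encoded or string-built command is logged in the form the engine actually ran, which is why event 4104 is the first place to look. For the "disable PowerShell if it is not needed" half of the advice, an AppLocker or WDAC policy is the usual mechanism: it blocks interactive use for unprivileged users and places any remaining sessions into Constrained Language Mode.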


Source: https://thehackernews.com/