Iran's MuddyWater Hackers Hit US Firms with New 'Dindoor' Backdoor
ATT&CK techniques detected
T1588.003 Code Signing Certificates
60%
“iran's muddywater hackers hit us firms with new 'dindoor' backdoor several us companies have been targeted by iranian hacking group muddywater in a new campaign that started in early february and has continued after the us and israeli military strikes on iran. the campaign wa…”
T1048 Exfiltration Over Alternative Protocol
54%
“leverages deno, the secure runtime for javascript and typescript, to execute. the researchers also observed an attempt to exfiltrate data from the software company using rclone, a command-line program to manage files on cloud storage, to a wasabi cloud storage bucket. it is not…”
T1105 Ingress Tool Transfer
33%
“leverages deno, the secure runtime for javascript and typescript, to execute. the researchers also observed an attempt to exfiltrate data from the software company using rclone, a command-line program to manage files on cloud storage, to a wasabi cloud storage bucket. it is not…”
Summary
A bank, an airport, a non-profit and the Israeli branch of a US software company were among the targets of this new MuddyWater campaign.