MuddyWater's campaign used Dropbox links and document attachments as lures; the embedded URLs redirected victims to ZIP archives, and some lures were sent from compromised corporate email accounts. Besides the Remote Utilities and ScreenConnect installers packed in those archives, the attackers have also switched to the Atera Agent, and recent updates to the campaign deliver the Syncro remote administration tool. Any of these legitimate remote-administration tools gives the attacker full control of the host, which can be used for reconnaissance, delivery of additional backdoors, or sale of the access to other actors. With such capabilities, the threat actor has a wide range of options for operating on corporate machines.
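The chain described above (a Dropbox link or attachment that redirects to a ZIP, followed shortly by a remote-administration installer launched from the extracted archive) is easy to correlate in endpoint telemetry. The following Python triage is an added example written for this page, not code from the advisory or from any vendor; the event schema, host names, URLs, file paths and installer file names are all constructed for the illustration. Only the tool names (Remote Utilities, ScreenConnect, Atera, Syncro) and the Dropbox lure host come from the text.

```python
"""Correlate lure downloads with remote-administration (RMM) installer launches.

Added example: constructed telemetry, not data from the advisory.
"""
import json
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Tool names taken from the advisory, matched case-insensitively against the
# image path and command line of process-creation events.
RMM_MARKERS = ("remote utilities", "remoteutilities", "screenconnect", "atera", "syncro")
# Lure delivery host named in the advisory.
LURE_HOSTS = ("dropbox.com", "www.dropbox.com")
# Maximum delay between the archive download and the installer launch (assumption).
WINDOW = timedelta(minutes=30)

# Constructed sample events (schema and values are assumptions for this example):
# one Dropbox link that redirects to a ZIP, an installer launched from the
# extracted folder on the same host, and an RMM service on another host with
# no preceding lure download.
SAMPLE_EVENTS = [
    {"ts": "2023-05-10T09:00:00", "type": "download", "host": "WS01",
     "url": "https://www.dropbox.com/s/abc123/Quote.pdf?dl=1",
     "final_url": "https://files.example.invalid/Quote.zip",
     "path": "C:\\Users\\alice\\Downloads\\Quote.zip"},
    {"ts": "2023-05-10T09:02:10", "type": "process", "host": "WS01",
     "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe"},
    {"ts": "2023-05-10T09:03:30", "type": "process", "host": "WS01",
     "image": "C:\\Users\\alice\\Downloads\\Quote\\SyncroSetup.exe",
     "cmdline": "SyncroSetup.exe /S"},
    {"ts": "2023-05-10T14:00:00", "type": "process", "host": "WS02",
     "image": "C:\\Program Files\\ScreenConnect\\ScreenConnect.ClientService.exe",
     "cmdline": "ScreenConnect.ClientService.exe"},
]


def parse_ts(value):
    """Parse the ISO-8601 timestamp used by the constructed events."""
    return datetime.fromisoformat(value)


def is_lure_download(event):
    """True for a download from a lure host or one whose redirect ends in a ZIP."""
    if event.get("type") != "download":
        return False
    host = (urlparse(event.get("url", "")).hostname or "").lower()
    final_path = event.get("final_url", "").lower().split("?", 1)[0]
    return host in LURE_HOSTS or final_path.endswith(".zip")


def is_rmm_process(event):
    """True when the process image or command line names one of the RMM tools."""
    if event.get("type") != "process":
        return False
    text = (event.get("image", "") + " " + event.get("cmdline", "")).lower()
    return any(marker in text for marker in RMM_MARKERS)


def triage(events):
    """Return one finding per RMM launch, rated 'high' when a lure download on
    the same host precedes it within WINDOW and 'medium' otherwise."""
    ordered = sorted(events, key=lambda e: parse_ts(e["ts"]))
    lures = [e for e in ordered if is_lure_download(e)]
    findings = []
    for event in ordered:
        if not is_rmm_process(event):
            continue
        launched = parse_ts(event["ts"])
        matched = None
        for lure in lures:
            delta = launched - parse_ts(lure["ts"])
            if lure["host"] == event["host"] and timedelta(0) <= delta <= WINDOW:
                matched = lure
        findings.append({
            "host": event["host"],
            "rmm_image": event["image"],
            "lure_url": matched["url"] if matched else None,
            "severity": "high" if matched else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(json.dumps(finding))
```

The "medium" rating for an RMM process without a preceding lure download is deliberate: every tool named here is legitimate commercial software, so a bare installer launch needs checking against the organisation's approved RMM inventory before it is treated as an intrusion, while the download-then-install sequence from a redirected link is the pattern the advisory describes and warrants immediate investigation.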