Researchers say a massive phishing campaign targeting Asia and the Middle East is linked to an Iran-based threat actor, TEMP.Zagros, also known as MuddyWater. This latest attack illustrates an evolution by the threat actor, which has now adopted new tactics, techniques and procedures.
“We observed attackers leveraging the latest code execution and persistence techniques to distribute malicious macro-based documents to individuals in Asia and the Middle East,” wrote FireEye researchers in a blog post Tuesday.
FireEye’s discovery builds on previous research into the group by Palo Alto Networks’ Unit 42 and Trend Micro. In November, Unit 42 first wrote about TEMP.Zagros (or MuddyWater), noting that the attacks hit various industries in several countries, primarily in the Middle East and Central Asia, and lured victims into downloading infected documents that compromised their computer networks.
On Monday, Trend Micro reported similarities between the MuddyWater campaign and these new attacks, stressing that the link signifies that the attackers are not merely interested in a one-off campaign, but will likely continue to perform cyberespionage activities against the targeted countries and industries.
....
....
....
....