MuddyWater hacking group targets Turkey in new campaign

silversurfer

Level 84
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
7,554
The Iranian-backed MuddyWater hacking group is conducting a new malicious campaign targeting private Turkish organizations and governmental institutions.
A new report by researchers at Cisco Talos links MuddyWater to recent attacks targeting Turkish private organizations and governmental agencies.

The attacks start with spear-phishing that uses files with Turkish language names and pretend to come from the country's Health or Interior ministry.
As part of the attack, the MuddyWater threat actors use two infection chains that begin with delivering a PDF file. In the first case, the PDF features an embedded button that fetches an XLS file upon clicking it. [...]