Iranian APT group MuddyWater Adds Exploits to Their Arsenal
released on 2019-06-06 @ 02:06:07 PM
ClearSky has detected a new and advanced attack vector used by MuddyWater to target governmental entities and the telecommunication sector. Notably, the TTP includes decoy documents exploiting CVE-2017-0199 as the first stage of the attack. In the second stage, the malware communicates with the hacked C2 servers and downloads a file infected with macros.