
Cyber Espionage: MuddyWater targets UAE and Kuwait with ScreenConnect

Anomali: MuddyWater targets UAE and Kuwait with ScreenConnect. The Iranian APT uses two lures: a report on relations between Arab countries and Israel, or a file on scholarships.

MuddyWater (aka MERCURY and Static Kitten) has launched a new cyber espionage campaign against government agencies in the UAE and Kuwait. The campaign was discovered by Anomali cybersecurity experts. The Iranian APT used ScreenConnect to target any MOFA (Ministry of Foreign Affairs) with mfa[.]gov as part of the custom field. Researchers identified two lure ZIP files that the threat actor uses to trick users into downloading a purported report on relations between Arab countries and Israel, or a file relating to scholarships. URLs distributed through these phishing emails direct recipients to the intended file storage location on Onehub. The attack begins with a phishing email that directs users to a downloader URL pointing to these ZIP files. Opening the ZIP file launches the installation process for ScreenConnect, which is subsequently used to communicate with the adversary. The URLs themselves are distributed through decoy documents embedded in the emails.
