Rewterz

Rewterz Threat Alert – MuddyWater APT Targeting Middle East

Severity

High

Analysis Summary

The Iranian cyber criminal group MuddyWater has resurfaced. The group has primarily targeted Middle Eastern, European and North American nations, and the industries under target include telecommunications, government (IT services), and the oil sector. Most MuddyWater campaigns rely on socially engineering victims into enabling macros in order to infect the targeted workstation. Once macros are enabled, the threat actor's code attempts to obtain a trojan hosted on an adversary-controlled payload delivery and command-and-control node.


Impact

  • Information theft
  • Exposure of sensitive data

Indicators of Compromise

MD5

  • a2707bfb35c9fed11d81949873d3a00a

SHA-256

  • 4e8a2b592ed90ed13eb604ea2c29bfb3fbc771c799b3615ac84267b85dd26d1c

SHA-1

  • d450b0efac0c3bb84e22270c8d76cc02f000bdcb

Remediation

  • Block all threat indicators at your respective controls.
  • Never click on links/attachments sent by unknown senders.
  • Always be suspicious about emails sent by unknown senders.
  • Do not enable macros for untrusted files.
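The two remediation steps that can be automated are matching file hashes against the indicators listed above and flagging Office documents that carry a VBA project before anyone is asked to "enable macros". The following Python script is an added example written for this advisory; it is not Rewterz tooling and not related to the MuddyWater sample itself. It embeds the MD5, SHA-1 and SHA-256 indicators from the advisory, hashes arbitrary bytes or files, reports which indicator matched, and checks whether an OOXML document (docx/docm/xlsm/pptm, all zip containers) contains a `vbaProject.bin` part. The sample document it builds is constructed, inert and contains an empty VBA part only so the check can be exercised offline.

```python
import hashlib
import io
import zipfile

# Indicators of compromise from the advisory (one file, three hash algorithms).
IOC_HASHES = {
    "md5": {"a2707bfb35c9fed11d81949873d3a00a"},
    "sha1": {"d450b0efac0c3bb84e22270c8d76cc02f000bdcb"},
    "sha256": {"4e8a2b592ed90ed13eb604ea2c29bfb3fbc771c799b3615ac84267b85dd26d1c"},
}


def hash_bytes(data: bytes) -> dict:
    """Return MD5, SHA-1 and SHA-256 hex digests of an in-memory object."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file on disk in chunks so large downloads do not need to fit in memory."""
    hashers = {
        "md5": hashlib.md5(),
        "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(),
    }
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {algo: hasher.hexdigest() for algo, hasher in hashers.items()}


def match_iocs(digests: dict, iocs: dict = IOC_HASHES) -> list:
    """Return the hash algorithms whose digest equals a listed indicator (case-insensitive)."""
    return [
        algo
        for algo, value in digests.items()
        if value.lower() in iocs.get(algo, set())
    ]


def contains_vba_macro(data: bytes) -> bool:
    """True if the bytes are a zip-based Office document carrying a VBA project part.

    OOXML stores macros as <part>/vbaProject.bin; legacy OLE (.doc/.xls) files are
    not zip containers and are out of scope for this check.
    """
    if not data.startswith(b"PK\x03\x04"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage(data: bytes) -> dict:
    """Combine both checks into one verdict suitable for a mail-gateway or endpoint hook."""
    digests = hash_bytes(data)
    return {
        "digests": digests,
        "ioc_matches": match_iocs(digests),
        "has_macro": contains_vba_macro(data),
    }


def build_sample_docm() -> bytes:
    """Constructed, inert macro-enabled document: minimal OOXML parts plus an empty VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/vbaProject.bin", b"")
    return buf.getvalue()


if __name__ == "__main__":
    # Run the triage over the constructed sample and over a harmless text blob.
    for label, blob in (("constructed .docm", build_sample_docm()), ("plain text", b"hello")):
        verdict = triage(blob)
        print(f"{label}: macro={verdict['has_macro']} ioc_matches={verdict['ioc_matches']}")
```

In production the `hash_file` path is the one to wire into a quarantine or EDR lookup; `match_iocs` accepts the same dictionary shape, so the indicator set can be replaced with a feed instead of the three literals above. A macro hit alone is not proof of compromise, but it is the condition under which the social-engineering step described in the summary succeeds, so it is the right trigger for blocking or sandboxing an attachment from an unknown sender.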