MuddyWater APT Adds DarkBeatC2 Framework Into Its Arsenal
MuddyWater is an Iranian state-sponsored cyber threat group identified in 2017. It primarily targets Israeli organizations to gather valuable intelligence. The group employs spear phishing emails from compromised accounts and social engineering tactics for initial access. Once inside, they collect sensitive data from multiple sources and use Atera for remote access. MuddyWater has used different command-and-control frameworks like SimpleHarm, PhonyC2, and MuddyC2Go in the past. Recently, they've been found using a new framework called "DarkBeatC2" in their attacks.