MuddyWater campaign abusing Atera Agents

This report details an active campaign by the Iranian state-sponsored threat actor MuddyWater, which has been using the legitimate remote monitoring and management (RMM) tool Atera Agent as a first-stage payload in its attacks since late 2023. The threat actor has abused Atera's free trial offer, registering agents with various compromised email accounts and distributing the installers through spearphishing emails. The report provides an overview of MuddyWater's tactics, techniques and procedures, including the infection chain, the spearphishing lures and the misuse of Atera's capabilities.