{"id":63234,"date":"2024-04-26T07:41:48","date_gmt":"2024-04-26T07:41:48","guid":{"rendered":"https:\/\/cybersecuritynews.com\/?p=63234"},"modified":"2024-04-26T07:43:05","modified_gmt":"2024-04-26T07:43:05","slug":"muddywater-hackers-abusing-rmm-tool-deliver-malware","status":"publish","type":"post","link":"https:\/\/cybersecuritynews.com\/muddywater-hackers-abusing-rmm-tool-deliver-malware\/","title":{"rendered":"MuddyWater Hackers Abusing Legitimate RMM Tool to Deliver Malware"},"content":{"rendered":"\n<p>The Iranian state-sponsored threat actor MuddyWater has been observed exploiting a legitimate remote monitoring and management (RMM) tool, Atera Agent, to conduct a sophisticated malware delivery campaign. <\/p>\n\n\n\n<p>This alarming trend has been under scrutiny since the beginning of 2024, with a notable increase in activity since October 2023, coinciding with the Hamas attack during the same period.<\/p>\n\n\n\n<p>MuddyWater, recognized for its state-sponsored cyber activities, has a history of leveraging legitimate RMM software to deploy initial payloads in its <a href=\"https:\/\/cybersecuritynews.com\/cyber-terrorism\/\" target=\"_blank\" rel=\"noreferrer noopener\">cyberattacks<\/a>. <\/p>\n\n\n\n<p>This tactic has been a part of their modus operandi since at least 2021. <\/p>\n\n\n\n<p>According to the <a href=\"https:\/\/harfanglab.io\/en\/insidethelab\/muddywater-rmm-campaign\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Harfang Lab report<\/a>, the group&#8217;s strategic use of RMM tools allows it to maintain a low profile, making its malicious activities more complicated to detect as they blend in with regular network traffic.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-muddywater-hackers\"><strong>MuddyWater Hackers<\/strong><\/h2>\n\n\n\n<p>The MuddyWater group, also known as SeedWorm or TEMP.Zagros, has been active since 2017 and is known for its espionage campaigns that primarily target entities in the Middle East. <\/p>\n\n\n\n<p>However, their activities have expanded globally, affecting various sectors, including telecommunications, government, and oil industries.<\/p>\n\n\n\n<p>The group&#8217;s sophisticated techniques and state backing make them a formidable threat in the cyber domain.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-rmm-tool\"><strong>RMM Tool<\/strong><\/h2>\n\n\n\n<p>The RMM tool, Atera Agent, is designed to help IT professionals manage networks and provide remote support. 
<\/p>\n\n\n\n<p>While such tools are invaluable for legitimate IT operations, they also present an attractive vector for cyber attackers.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"602\" height=\"369\" src=\"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/04\/image-78.png\" alt=\"Atera Web UI\" class=\"wp-image-63251\" srcset=\"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/04\/image-78.png 602w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/04\/image-78-300x184.png 300w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/04\/image-78-150x92.png 150w\" sizes=\"auto, (max-width: 602px) 100vw, 602px\" \/><figcaption class=\"wp-element-caption\">Atera Web UI<\/figcaption><\/figure><\/div>\n\n\n<p>MuddyWater&#8217;s exploitation of Atera Agent demonstrates how threat actors can subvert trusted software to gain unauthorized access to systems and networks.<\/p>\n\n\n\n<p>MuddyWater&#8217;s campaign uses the Atera Agent to deliver malware to compromised systems. <\/p>\n\n\n\n<p>By abusing the trust in <a href=\"https:\/\/cybersecuritynews.com\/seedworm-hackers-exploit\/\" target=\"_blank\" rel=\"noreferrer noopener\">RMM tools<\/a>, the group can deploy malicious payloads without raising immediate suspicion. 
<\/p>\n\n\n\n<p>This approach facilitates the initial breach and aids in establishing persistence within the targeted networks, enabling long-term access and data exfiltration.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-atera-agent\"><strong>Atera Agent<\/strong><\/h2>\n\n\n\n<p>In recent campaigns, the Atera Agent has become a tool of choice for MuddyWater. 
<\/p>\n\n\n\n<p>The software&#8217;s legitimate nature allows threat actors to conduct their operations under the guise of regular administrative activity.<\/p>\n\n\n\n<p>This has significant implications for cybersecurity defenses, as distinguishing between legitimate and malicious use of such tools becomes increasingly challenging.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"602\" height=\"203\" src=\"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/04\/image-77.png\" alt=\"Estimated timeline of Atera agent activity\" class=\"wp-image-63250\" srcset=\"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/04\/image-77.png 602w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/04\/image-77-300x101.png 300w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2024\/04\/image-77-150x51.png 150w\" sizes=\"auto, (max-width: 602px) 100vw, 602px\" \/><figcaption class=\"wp-element-caption\">Estimated timeline of Atera agent activity<\/figcaption><\/figure><\/div>\n\n\n<p>The campaign&#8217;s timeline traces back to October 2023, when malicious activities surged following the <a href=\"https:\/\/cybersecuritynews.com\/iran-launched-cyberattack\/\" target=\"_blank\" rel=\"noreferrer noopener\">Hamas attack<\/a>. <\/p>\n\n\n\n<p>This suggests a possible strategic alignment or opportunistic exploitation of the chaotic digital environment post-attack. <\/p>\n\n\n\n<p>The timeline reflects MuddyWater&#8217;s evolving tactics as it adapts and refines its methods to exploit the latest software vulnerabilities and operational blind spots.<\/p>\n\n\n\n<p>The revelation of MuddyWater&#8217;s latest campaign underscores the need for heightened vigilance and robust cybersecurity measures.<\/p>\n\n\n\n<p>Organizations must be aware of the potential misuse of legitimate tools within their environment and implement strategies to detect and mitigate such threats. 
<\/p>\n\n\n\n<p>As threat actors evolve, so must the defenses of those they target.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-indicators-of-compromise-iocs\"><strong>Indicators of compromise (IOCs)<\/strong><\/h2>\n\n\n\n<p><strong>Hashes (SHA-256)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Iranian state-sponsored threat actor MuddyWater has been observed exploiting a legitimate remote monitoring and management (RMM) tool, Atera Agent, to conduct a sophisticated malware delivery campaign. This alarming trend has been under scrutiny since the beginning of 2024, with a notable increase in activity since October 2023, coinciding with the Hamas attack during the [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":63255,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjbL_sMHTMa9qgYM9uM8iIgBPKlwqSfIBQrOcsmsqg_3tGzHVQPMH3MDBERxLyrwxmESFxCAjucSFp1Ck8GfayVlX8vcq3xZyXDvbYOUJNf-9jSuw7vL6U01yOY67yj9xq2-_7jZOl66J7sxMEjTh9-Nc7bfj-lJsU4B1LD8nZAabcom52952qnPj2GloYb\/s1600\/MuddyWater%20Hackers-1.webp","fifu_image_alt":"MuddyWater Hackers Abusing Legitimate RMM Tool to Deliver Malware","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11,33],"tags":[149,151,266],"class_list":{"0":"post-63234","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security-news","8":"category-malware","9":"tag-cyber-security","10":"tag-cyber-security-news","11":"tag-malware"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.7.1 (Yoast SEO v25.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ 
-->\n<title>MuddyWater Hackers Abusing RMM Tool to Deliver Malware<\/title>\n<meta name=\"description\" content=\"MuddyWater has been observed exploiting a legitimate RMM tool, Atera Agent, to conduct a sophisticated malware delivery campaign.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersecuritynews.com\/muddywater-hackers-abusing-rmm-tool-deliver-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"MuddyWater Hackers Abusing Legitimate RMM Tool to Deliver Malware\" \/>\n<meta property=\"og:description\" content=\"MuddyWater has been observed exploiting a legitimate RMM tool, Atera Agent, to conduct a sophisticated malware delivery campaign.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersecuritynews.com\/muddywater-hackers-abusing-rmm-tool-deliver-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Security News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Hackingtutorialsandnews\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-26T07:41:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-26T07:43:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjbL_sMHTMa9qgYM9uM8iIgBPKlwqSfIBQrOcsmsqg_3tGzHVQPMH3MDBERxLyrwxmESFxCAjucSFp1Ck8GfayVlX8vcq3xZyXDvbYOUJNf-9jSuw7vL6U01yOY67yj9xq2-_7jZOl66J7sxMEjTh9-Nc7bfj-lJsU4B1LD8nZAabcom52952qnPj2GloYb\/s1600\/MuddyWater%20Hackers-1.webp\" \/>\n<meta name=\"author\" content=\"Dhivya\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" 
content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjbL_sMHTMa9qgYM9uM8iIgBPKlwqSfIBQrOcsmsqg_3tGzHVQPMH3MDBERxLyrwxmESFxCAjucSFp1Ck8GfayVlX8vcq3xZyXDvbYOUJNf-9jSuw7vL6U01yOY67yj9xq2-_7jZOl66J7sxMEjTh9-Nc7bfj-lJsU4B1LD8nZAabcom52952qnPj2GloYb\/s1600\/MuddyWater%20Hackers-1.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:site\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dhivya\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"MuddyWater Hackers Abusing RMM Tool to Deliver Malware","description":"MuddyWater has been observed exploiting a legitimate RMM tool, Atera Agent, to conduct a sophisticated malware delivery campaign.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersecuritynews.com\/muddywater-hackers-abusing-rmm-tool-deliver-malware\/","og_locale":"en_US","og_type":"article","og_title":"MuddyWater Hackers Abusing Legitimate RMM Tool to Deliver Malware","og_description":"MuddyWater has been observed exploiting a legitimate RMM tool, Atera Agent, to conduct a sophisticated malware delivery campaign.","og_url":"https:\/\/cybersecuritynews.com\/muddywater-hackers-abusing-rmm-tool-deliver-malware\/","og_site_name":"Cyber Security 
News","article_publisher":"https:\/\/www.facebook.com\/Hackingtutorialsandnews","article_published_time":"2024-04-26T07:41:48+00:00","article_modified_time":"2024-04-26T07:43:05+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjbL_sMHTMa9qgYM9uM8iIgBPKlwqSfIBQrOcsmsqg_3tGzHVQPMH3MDBERxLyrwxmESFxCAjucSFp1Ck8GfayVlX8vcq3xZyXDvbYOUJNf-9jSuw7vL6U01yOY67yj9xq2-_7jZOl66J7sxMEjTh9-Nc7bfj-lJsU4B1LD8nZAabcom52952qnPj2GloYb\/s1600\/MuddyWater%20Hackers-1.webp","type":"","width":"","height":""}],"author":"Dhivya","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjbL_sMHTMa9qgYM9uM8iIgBPKlwqSfIBQrOcsmsqg_3tGzHVQPMH3MDBERxLyrwxmESFxCAjucSFp1Ck8GfayVlX8vcq3xZyXDvbYOUJNf-9jSuw7vL6U01yOY67yj9xq2-_7jZOl66J7sxMEjTh9-Nc7bfj-lJsU4B1LD8nZAabcom52952qnPj2GloYb\/s1600\/MuddyWater%20Hackers-1.webp","twitter_creator":"@The_Cyber_News","twitter_site":"@The_Cyber_News","twitter_misc":{"Written by":"Dhivya","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cybersecuritynews.com\/muddywater-hackers-abusing-rmm-tool-deliver-malware\/#article","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/muddywater-hackers-abusing-rmm-tool-deliver-malware\/"},"author":{"name":"Dhivya","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/d94404f7d0775890de78741b1db98f83"},"headline":"MuddyWater Hackers Abusing Legitimate RMM Tool to Deliver Malware","datePublished":"2024-04-26T07:41:48+00:00","dateModified":"2024-04-26T07:43:05+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersecuritynews.com\/muddywater-hackers-abusing-rmm-tool-deliver-malware\/"},"wordCount":398,"publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"image":{"@id":"https:\/\/cybersecuritynews.com\/muddywater-hackers-abusing-rmm-tool-deliver-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjbL_sMHTMa9qgYM9uM8iIgBPKlwqSfIBQrOcsmsqg_3tGzHVQPMH3MDBERxLyrwxmESFxCAjucSFp1Ck8GfayVlX8vcq3xZyXDvbYOUJNf-9jSuw7vL6U01yOY67yj9xq2-_7jZOl66J7sxMEjTh9-Nc7bfj-lJsU4B1LD8nZAabcom52952qnPj2GloYb\/s1600\/MuddyWater%20Hackers-1.webp?w=1600&resize=1600,900&ssl=1","keywords":["cyber security","cyber security news","malware"],"articleSection":["Cyber Security News","Malware"],"inLanguage":"en-US","copyrightYear":"2024","copyrightHolder":{"@id":"https:\/\/cybersecuritynews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cybersecuritynews.com\/muddywater-hackers-abusing-rmm-tool-deliver-malware\/","url":"https:\/\/cybersecuritynews.com\/muddywater-hackers-abusing-rmm-tool-deliver-malware\/","name":"MuddyWater Hackers Abusing RMM Tool to Deliver 
Malware","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cybersecuritynews.com\/muddywater-hackers-abusing-rmm-tool-deliver-malware\/#primaryimage"},"image":{"@id":"https:\/\/cybersecuritynews.com\/muddywater-hackers-abusing-rmm-tool-deliver-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjbL_sMHTMa9qgYM9uM8iIgBPKlwqSfIBQrOcsmsqg_3tGzHVQPMH3MDBERxLyrwxmESFxCAjucSFp1Ck8GfayVlX8vcq3xZyXDvbYOUJNf-9jSuw7vL6U01yOY67yj9xq2-_7jZOl66J7sxMEjTh9-Nc7bfj-lJsU4B1LD8nZAabcom52952qnPj2GloYb\/s1600\/MuddyWater%20Hackers-1.webp?w=1600&resize=1600,900&ssl=1","datePublished":"2024-04-26T07:41:48+00:00","dateModified":"2024-04-26T07:43:05+00:00","description":"MuddyWater has been observed exploiting a legitimate RMM tool, Atera Agent, to conduct a sophisticated malware delivery campaign.","breadcrumb":{"@id":"https:\/\/cybersecuritynews.com\/muddywater-hackers-abusing-rmm-tool-deliver-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersecuritynews.com\/muddywater-hackers-abusing-rmm-tool-deliver-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/muddywater-hackers-abusing-rmm-tool-deliver-malware\/#primaryimage","url":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjbL_sMHTMa9qgYM9uM8iIgBPKlwqSfIBQrOcsmsqg_3tGzHVQPMH3MDBERxLyrwxmESFxCAjucSFp1Ck8GfayVlX8vcq3xZyXDvbYOUJNf-9jSuw7vL6U01yOY67yj9xq2-_7jZOl66J7sxMEjTh9-Nc7bfj-lJsU4B1LD8nZAabcom52952qnPj2GloYb\/s1600\/MuddyWater%20Hackers-1.webp?w=1600&resize=1600,900&ssl=1","contentUrl":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjbL_sMHTMa9qgYM9uM8iIgBPKlwqSfIBQrOcsmsqg_3tGzHVQPMH3MDBERxLyrwxmESFxCAjucSFp1Ck8GfayVlX8vcq3xZyXDvbYOUJNf-9jSuw7vL6U01yOY67yj9xq2-_7jZOl66J7sxMEjTh9-Nc7bfj-lJsU4B1LD8nZAabcom52952qnPj2GloYb\/s1600\/MuddyWater%20Hackers-1.webp?w=
1600&resize=1600,900&ssl=1","width":"1600","height":"900","caption":"MuddyWater Hackers Abusing Legitimate RMM Tool to Deliver Malware"},{"@type":"BreadcrumbList","@id":"https:\/\/cybersecuritynews.com\/muddywater-hackers-abusing-rmm-tool-deliver-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cybersecuritynews.com\/"},{"@type":"ListItem","position":2,"name":"MuddyWater Hackers Abusing Legitimate RMM Tool to Deliver Malware"}]},{"@type":"WebSite","@id":"https:\/\/cybersecuritynews.com\/#website","url":"https:\/\/cybersecuritynews.com\/","name":"Cyber Security News","description":"World&#039;s #1 Premier Cybersecurity and Hacking News Portal","publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersecuritynews.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cybersecuritynews.com\/#organization","name":"Cyber Security News","url":"https:\/\/cybersecuritynews.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/","url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","contentUrl":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","width":200,"height":200,"caption":"Cyber Security 
News"},"image":{"@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Hackingtutorialsandnews","https:\/\/x.com\/The_Cyber_News","https:\/\/www.linkedin.com\/company\/cybersecurity-news\/"]},{"@type":"Person","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/d94404f7d0775890de78741b1db98f83","name":"Dhivya","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/030ce841d650bd7608e500f5df725da8758a0fd9fe0397842fb061f63cbf20a2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/030ce841d650bd7608e500f5df725da8758a0fd9fe0397842fb061f63cbf20a2?s=96&d=mm&r=g","caption":"Dhivya"},"description":"Divya is a Senior Journalist at Cyber Security news covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.","sameAs":["https:\/\/cybersecuritynews.com\/","https:\/\/www.linkedin.com\/company\/cybersecurity-news\/"],"url":"https:\/\/cybersecuritynews.com\/author\/dhivya\/"}]}},"jetpack_featured_media_url":"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjbL_sMHTMa9qgYM9uM8iIgBPKlwqSfIBQrOcsmsqg_3tGzHVQPMH3MDBERxLyrwxmESFxCAjucSFp1Ck8GfayVlX8vcq3xZyXDvbYOUJNf-9jSuw7vL6U01yOY67yj9xq2-_7jZOl66J7sxMEjTh9-Nc7bfj-lJsU4B1LD8nZAabcom52952qnPj2GloYb\/s1600\/MuddyWater%20Hackers-1.webp?w=1600&resize=1600,900&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/63234","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/comments?post=63234"}]
,"version-history":[{"count":3,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/63234\/revisions"}],"predecessor-version":[{"id":63257,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/63234\/revisions\/63257"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media\/63255"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media?parent=63234"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/categories?post=63234"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/tags?post=63234"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}