TLDR:
- MuddyWater hackers are using the Atera Agent RMM tool to deliver malware
- MuddyWater, a state-sponsored threat actor known for espionage, is targeting various industries
The Iranian state-sponsored threat actor MuddyWater has been observed abusing the legitimate remote monitoring and management (RMM) tool Atera Agent to run a malware delivery campaign. Misusing legitimate RMM software has been part of the group's modus operandi since at least 2021. MuddyWater, also tracked as SeedWorm or TEMP.Zagros, primarily targets entities in the Middle East but has expanded its activities globally. The group uses the Atera Agent to deploy malicious payloads, relying on the software's legitimate nature to evade detection. The current campaign's timeline traces back to October 2023, reflecting MuddyWater's evolving tactics as they adapt to exploit software vulnerabilities. As threat actors evolve, organizations must strengthen their cybersecurity defenses to mitigate such threats.