- Iran-affiliated group attacks Israeli and Egyptian infrastructure
- The group’s previous attacks were distinctive and easy to detect.
- New techniques and malware are now in use.
An Iran-aligned hacker group known as “MuddyWater” has radically changed its tactics in attacks on critical Israeli and Egyptian infrastructure.
The group’s previous campaigns, observed by ESET Research, used distinctive tactics, techniques and procedures (TTPs), which made them easy to recognize.
Now, however, the group has begun deploying a new backdoor delivered by a previously unknown loader, Fooder, which is often disguised as a classic Snake game.
Mud vipers, snakes and ladders
The attacks mainly targeted Israel’s telecommunications, government, oil and energy sectors. In this campaign, MuddyWater initially sent phishing emails with PDF attachments that referred to free remote monitoring and management (RMM) software. The installers were hosted on OneHub, Egnyte, Mega and other free file-hosting services.
Instead of installing legitimate RMM software, the files install loaders that let the attackers plant backdoors. In the attacks ESET observed, a newly identified loader named Fooder deploys the MuddyViper backdoor.
Fooder has an unusual trait: it is often disguised as a Snake game. This is more than a disguise, because the game’s core logic doubles as a custom delay function for the loader, helping it hide its true purpose from analysis.
The MuddyViper backdoor had also flown under the radar until now. Written in C/C++, MuddyViper can collect system information, upload and download files, execute files and shell commands, and steal Windows credentials and browser data by displaying a fake Windows security dialog.
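The delivery chain above (phishing PDF, fake RMM installer, free file-hosting service) is the part a defender can hunt for without any malware sample. The script below is an added example written for this article, not code from ESET or from the report: it scans proxy-log lines for installer downloads from the three hosting services the report names and marks filenames that look RMM-themed. The log format, the client IPs, the URLs, and the list of RMM filename hints are all constructed assumptions; the report names no RMM product.

```python
"""Hunt for installer downloads from the free file-hosting services that, per ESET,
hosted MuddyWater's fake RMM installers.

The log format, sample lines, and RMM_HINTS list are constructed for this example.
"""
import re
from urllib.parse import urlparse

# Services named in the report; matched as the registered domain or any subdomain.
HOSTING_DOMAINS = ("onehub.com", "egnyte.com", "mega.nz")

# Assumed, illustrative filename fragments; the report does not name RMM products.
RMM_HINTS = ("rmm", "remote", "support", "agent", "monitor")

INSTALLER_EXT = re.compile(r"\.(exe|msi|zip)$", re.IGNORECASE)

# Constructed proxy-log shape: "<timestamp> <client-ip> GET <url> <status>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+GET\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def _on_hosting_service(hostname):
    """True if hostname is one of HOSTING_DOMAINS or a subdomain of one."""
    if not hostname:
        return False
    return any(hostname == d or hostname.endswith("." + d) for d in HOSTING_DOMAINS)


def classify(line):
    """Return an alert dict for an installer fetched from a hosting service, else None."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    url = m.group("url")
    parsed = urlparse(url)
    filename = parsed.path.rsplit("/", 1)[-1]
    if not (_on_hosting_service(parsed.hostname) and INSTALLER_EXT.search(filename)):
        return None
    return {
        "ts": m.group("ts"),
        "src": m.group("src"),
        "url": url,
        "file": filename,
        # Secondary signal: the filename itself advertises remote-management software.
        "rmm_hint": any(h in filename.lower() for h in RMM_HINTS),
    }


def scan(lines):
    """Run classify() over an iterable of log lines and keep the alerts."""
    return [a for a in (classify(l) for l in lines) if a]


# Constructed sample log: two RMM-themed installers, one plain archive, one PDF, one normal page.
SAMPLE_LOG = [
    "2030-01-01T10:00:01Z 10.0.0.5 GET https://ws.onehub.com/files/abc/RMM_Setup.exe 200",
    "2030-01-01T10:00:02Z 10.0.0.6 GET https://www.example.org/index.html 200",
    "2030-01-01T10:00:03Z 10.0.0.7 GET https://mega.nz/file/xyz/remote_support_agent.msi 200",
    "2030-01-01T10:00:04Z 10.0.0.8 GET https://acme.egnyte.com/dd/quarterly_report.pdf 200",
    "2030-01-01T10:00:05Z 10.0.0.9 GET https://mega.nz/file/q1/photos.zip 200",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        flag = "RMM-themed" if alert["rmm_hint"] else "generic installer"
        print(f'{alert["ts"]} {alert["src"]} {alert["file"]} ({flag}) <- {alert["url"]}')
```

Every installer from one of these services is surfaced, and the RMM-themed name is reported separately rather than used as a filter, since the lure name is the easiest thing for the attacker to change; the hosting service plus executable download is the more durable signal. In a real deployment the domain list would be extended to whichever hosting services your own telemetry shows in use.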
The MuddyWater campaign targeted 17 organizations in Israel from various sectors, including engineering, local government, manufacturing, technology, transport, public services and academia. The group also targeted an Egyptian technology organization.
For more details on the MuddyWater campaign and indicators of compromise, see the ESET research “MuddyWater: Snakes by the river”.
