Hi All
The Iranian-backed MuddyWater hacking group has partially switched to using a new custom-tailored malware implant to steal files and run commands on compromised systems.
Dubbed BugSleep, this new backdoor is still actively being developed and was discovered by analysts at Check Point Research while being distributed via well-crafted phishing lures.
The campaign pushes the malware via phishing emails disguised as invitations to webinars or online courses. The emails redirect the targets to archives containing malicious payloads hosted on the Egnyte secure file-sharing platform.
Regards
Caute_Cautim
Thanks for sharing @Caute_cautim.