Iranian hackers targeted over 100 govt orgs with Phoenix backdoor www.bleepingcomputer.com/news/secu…
State-sponsored Iranian hacker group MuddyWater has targeted more than 100 government entities in attacks that deployed version 4 of the Phoenix backdoor.
The threat actor is also known as Static Kitten, Mercury, and Seedworm, and it typically targets government and private organizations in the Middle East region.
Starting August 19, the hackers launched a phishing campaign from a compromised account that they accessed through the NordVPN service.
The emails were sent to numerous government and international organizations in the Middle East and North Africa, cybersecurity company Group-IB says in a report today.
According to the researchers, the threat actor took the command-and-control (C2) server and the backdoor's server-side C2 component offline on August 24, likely marking a new stage of the attack in which other tools and malware were used to gather information from the compromised systems.
Most of the targets of this MuddyWater campaign are embassies, diplomatic missions, foreign affairs ministries, and consulates.
