Decrypt LOL


Sophos Identifies Phishing Campaign Linked to MuddyWater Group


Sophos MDR tracks Iranian threat actor MuddyWater's phishing campaign.

Sophos has identified a new phishing campaign linked to the Iranian group MuddyWater, also known as TA450. The campaign aims to steal credentials by enticing targets to download Atera, a legitimate remote management tool. It was first detected in November, when Sophos blocked credential dumping attempts targeting an organization in Israel. The attackers used a phishing email to direct victims to a shared document, which led to the download of a compressed Atera installer; the Atera agent had been registered with a compromised email account. Once the tool was installed, the threat actors used it to execute commands that dumped credentials and created a backup of the SYSTEM registry hive. Sophos continues to monitor this activity for further developments.