TEMP.Zagros in Action

While the world's attention is on the cyber war accompanying the land war between Russia and Ukraine, the Iranian threat group TEMP.Zagros (aka MuddyWater) has been attributed with a new wave of attacks targeting Turkey and the Arabian Peninsula, with the goal of deploying remote access trojans (RATs) on compromised systems.

The group has been active since at least May 2017 and has targeted a wide variety of countries and sectors, especially in the Middle East and on the Arabian Peninsula. TEMP.Zagros is also thought to operate as several small groups acting independently, rather than as a single group.

The group was especially active in Turkey in January, targeting Turkish private organizations and government institutions with the goal of deploying a PowerShell-based backdoor. More recently, the group appears to be active again, this time with an obfuscated trojan that executes arbitrary code and commands received from its command and control (C2) servers.

For more information about the group's TTPs, see:

https://attack.mitre.org/groups/G0069/
