TEMP.Zagros in Action

While the world's attention is on the cyber war accompanying the land war between Russia and Ukraine, the Iranian threat group TEMP.Zagros (aka MuddyWater) has been attributed to a new wave of attacks targeting Turkey and the Arabian Peninsula with the goal of deploying remote access trojans (RATs) on compromised systems.

The group has been active since at least May 2017 and has targeted a wide variety of countries and sectors, especially in the Middle East and the Arabian Peninsula. TEMP.Zagros is also believed to operate as multiple small groups acting independently rather than as a single group.

The group was especially active in Turkey in January, targeting Turkish private organizations and governmental institutions with the goal of deploying a PowerShell-based backdoor. Recently, the group appears to be active again, using an obfuscated trojan that executes arbitrary code and commands received from its command and control (C2) servers.

For more information about the group's TTPs, see:

https://attack.mitre.org/groups/G0069/
