Iranian Hackers Utilize SimpleHelp Software for Long-Term Access

April 18, 2023 at 09:05 AM

•

1 min read

Iranian Hackers Utilize SimpleHelp Software for Long-Term Access — Photo: The Hacker News

TL;DR Summary

Iranian threat actor MuddyWater has been using the legitimate remote support software SimpleHelp to ensure persistence on victim devices. The group, believed to be a subordinate element within Iran's Ministry of Intelligence and Security, has previously used ScreenConnect, RemoteUtilities, and Syncro. SimpleHelp is not compromised and is used as intended, with the threat actors downloading the tool from the official website. The exact distribution method used to drop the SimpleHelp samples is currently unclear, although the group is known to send spear-phishing messages bearing malicious links from already compromised corporate mailboxes.

Topics:world #cybersecurity #iranian-hackers #muddywater #persistence #remote-support-software #simplehelp

Share this article

Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access The Hacker News

Reading Insights

Total Reads

Unique Readers

Time Saved

1 min

vs 2 min read

Condensed

72%

329 → 91 words

Want the full story? Read the original article

Read on The Hacker News

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights