New Infrastructure of MuddyWater APT Group Uncovered

20 April 2023
Researchers have revealed that MuddyWater has been using SimpleHelp, a legitimate tool for managing and controlling remote devices, to establish persistence on compromised devices. The attackers send phishing emails containing links to file storage systems such as OneDrive, Dropbox, or OneHub, from which SimpleHelp installers are downloaded.