Iranian MuddyWater hackers use hacked email accounts for phishing worldwide

Group-IB has linked a macro-based phishing campaign to the Iranian MuddyWater threat actor. Attackers used fake emails and Word documents to deploy Phoenix v4 and other malware. Despite macro blocking since 2022, older methods are still used in the wild.

It's October 2025, but some cybercriminals are still trying to deliver malware using Microsoft Word macros, experts warn. Recently, Group-IB security researchers uncovered a new cyberespionage campaign that begins with compromised email accounts, which the attackers then use to distribute phishing emails. These messages targeted international organizations in various regions of the world and mimicked genuine correspondence to increase the likelihood that victims would actually open them.

The messages also carried malicious attachments: Microsoft Word documents that, when opened, encourage victims to enable macros. If they do, the macros execute embedded Visual Basic code, which in turn deploys the Phoenix v4 backdoor. You might say: Macros are dead, long live macros!

As is common for backdoors, Phoenix v4 gives attackers remote control and is equipped with advanced persistence methods. The attackers have also used various Remote Monitoring and Management (RMM) tools (PDQ, Action1, and ScreenConnect), as well as the information stealer Chromium_Stealer, which can harvest browser data from Chrome, Edge, Opera, and Brave.

Until mid-2022, macro-enabled Office documents were the most popular attack method for phishing hackers worldwide. However, around mid-2022, Word (along with Excel, PowerPoint, Access, and Visio) started blocking macros by default for downloaded or emailed files that were marked as coming from the internet (i.e., carrying the "Mark of the Web"), forcing attackers to move to other formats. From that point on, macro-enabled Office files all but vanished as phishing bait.
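The attack chain above relies on a macro-enabled Word attachment reaching a user who then enables macros. A mail gateway or triage script can catch such attachments before that happens by inspecting the package contents rather than the file extension. The following is an added example written for this article, not code from Group-IB or TechRadar; the sample packages it builds are constructed stand-ins, not real documents.

```python
import io
import zipfile

# Legacy binary Office container (.doc/.xls) magic; these can embed macros too
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Substring shared by the OOXML macro-enabled content types (docm, xlsm, pptm)
MACRO_CT = "macroEnabled"


def attachment_has_macros(data: bytes) -> bool:
    """True if an OOXML package (docx/docm/xlsm/...) carries a VBA project.
    Looks inside the zip: a renamed extension does not hide vbaProject.bin."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if any(n.endswith("vbaProject.bin") for n in names):
                return True
            if "[Content_Types].xml" in names:
                ct = zf.read("[Content_Types].xml").decode("utf-8", "replace")
                return MACRO_CT in ct
    except zipfile.BadZipFile:
        pass  # not an OOXML package at all
    return False


def triage(data: bytes) -> str:
    """Gateway verdict: 'block' macro-enabled OOXML, 'review' legacy OLE files
    (they need a dedicated parser to confirm macros), otherwise 'allow'."""
    if data.startswith(OLE_MAGIC):
        return "review"
    return "block" if attachment_has_macros(data) else "allow"


def build_sample(with_macros: bool) -> bytes:
    """Constructed minimal OOXML package for offline testing (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ct = ("<Types><Override PartName=\"/word/document.xml\" ContentType=\""
              "application/vnd.ms-word.document.macroEnabled.main+xml\"/></Types>"
              if with_macros else "<Types/>")
        zf.writestr("[Content_Types].xml", ct)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("plain", build_sample(False)), ("macro", build_sample(True))):
        print(label, triage(blob))
```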

Group-IB attributed the campaign to MuddyWater, an Iranian state-sponsored threat actor. Ironically, this campaign proves once again that state actors are prone to using older technologies and methods, and it appears hackers are no exception. Researchers said there was code overlap with what they had found in previous MuddyWater attacks. The domain infrastructure, the malware samples, and the targeting pattern all point towards MuddyWater as well. Via Infosecurity Magazine.


Published: 2025-10-23 20:25:00

Source: www.techradar.com