Cyber companies Profero and Clearsky have published a joint report that says the Iranian "MuddyWater" group, which has ties to the Revolutionary Guard Corps, tried to penetrate Israeli companies during the last few weeks.
"In early September, we located attempts at an attack by the group "MuddyWater" against Israeli companies," said Omri Segev Moyal, Profero's CEO. "ClearSky was able to pinpoint an overlap between this attempt to an identical campaign uncovered recently by Palo Alto Networks."
Apparently, the goal was to launch fake ransomware attacks, aimed at encrypting the data of companies in the economy without allowing the capability to later recover the information. The attacks were launched through known operating system vulnerabilities or by phishing that included the use of infected PDF or Excel documents. Operations teams from Profero and Clearsky assisted the affected companies in overcoming the attack and continuing operations.
"Usually this group is engaged in social engineering campaigns, through which it steals information and spies on organizations," added Boaz Dolev, CEO of Clearsky. "However, at this exposure we first encountered a different attack outline that was likely intended to cause only harm and destruction."
"We are seeing a significant escalation in the Israeli-Iranian cyber conflict," concluded Segev Moyal. "We strongly recommend that companies and organizations be vigilant, build up their defense systems and exercise caution. In the current period, when organizations are increasingly relying on remote computer and work systems, any disruption can cause serious damage, and this attack proves that there are people targeting you."