Hacker Group “MuddyWater” Uses Microsoft Teams to Steal Credentials
A few days ago, the security company Rapid7 announced on its website that the group MuddyWater has carried out a new ransomware attack.
MuddyWater is a MOIS-aligned threat actor group that has been active since around 2018. In this attack, the group used Microsoft Teams and social engineering tactics to steal user credentials. The attackers sent chat requests to employees and then initiated screen-sharing sessions to gain access to the victims’ systems. The users were then told to type in their credentials and were directed to a phishing page.
The group stole credentials, manipulated the MFA protections and compromised accounts. The threat actors then sent extortion emails to users, claiming to have stolen information and demanding a ransom.
For further information about this hacker group and their previous operations, go to our new page about Iranian cyber actor groups here.





