{"id":1009584,"date":"2023-11-09T19:21:47","date_gmt":"2023-11-09T21:21:47","guid":{"rendered":"https:\/\/teknomers.com\/fr\/muddyc2go-nouveau-cadre-c2-utilise-par-les-pirates-iraniens-contre-israel\/"},"modified":"2023-11-09T19:21:50","modified_gmt":"2023-11-09T21:21:50","slug":"muddyc2go-nouveau-cadre-c2-utilise-par-les-pirates-iraniens-contre-israel","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/muddyc2go-nouveau-cadre-c2-utilise-par-les-pirates-iraniens-contre-israel\/","title":{"rendered":"MuddyC2Go\u00a0: nouveau cadre C2 utilis\u00e9 par les pirates iraniens contre Isra\u00ebl"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">09 novembre 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">R\u00e9daction<\/span><\/span><span class=\"p-tags\">Cyberattaque\/logiciel malveillant<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a rel=\"nofollow\" href=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/MuddyC2Go-nouveau-cadre-C2-utilise-par-les-pirates-iraniens-contre.jpg\" style=\"clear: left; display: block; float: left; text-align: center;\"><\/a><\/div>\n<p>Des acteurs \u00e9tatiques iraniens ont \u00e9t\u00e9 observ\u00e9s en utilisant un cadre de commandement et de contr\u00f4le (C2) jusqu\u2019alors non document\u00e9 appel\u00e9 <strong>BoueuxC2Go<\/strong> dans le cadre d&#8217;attaques visant Isra\u00ebl.<\/p>\n<p>&#8220;Le composant Web du framework est \u00e9crit dans le langage de programmation Go&#8221;, a d\u00e9clar\u00e9 Simon Kenin, chercheur en s\u00e9curit\u00e9 chez Deep Instinct. <a rel=\"nofollow noopener\" href=\"https:\/\/www.deepinstinct.com\/blog\/muddyc2go-latest-c2-framework-used-by-iranian-apt-muddywater-spotted-in-israel\" target=\"_blank\">dit<\/a> dans un rapport technique publi\u00e9 mercredi.<\/p>\n<p>L&#8217;outil a \u00e9t\u00e9 attribu\u00e9 \u00e0 <a rel=\"nofollow noopener\" href=\"https:\/\/www.secureworks.com\/blog\/business-as-usual-for-iranian-operations-despite-increased-tensions\" target=\"_blank\">Eau boueuse<\/a>un <a rel=\"nofollow noopener\" href=\"https:\/\/blog.talosintelligence.com\/iranian-apt-muddywater-targets-turkey\/\" target=\"_blank\">iranien<\/a> <a rel=\"nofollow noopener\" href=\"https:\/\/www.mandiant.com\/resources\/blog\/telegram-malware-iranian-espionage\" target=\"_blank\">parrain\u00e9 par l&#8217;\u00c9tat<\/a> <a rel=\"nofollow noopener\" href=\"https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligence\/seedworm-apt-iran-middle-east\" target=\"_blank\">le piratage<\/a> <a rel=\"nofollow noopener\" href=\"https:\/\/www.security.ntt\/blog\/analysis-of-an-iranian-apts-e400-powgoop-variant\" target=\"_blank\">\u00e9quipage<\/a> qui est affili\u00e9 au minist\u00e8re du Renseignement et de la S\u00e9curit\u00e9 (Vevak) du pays.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/4WnFxcNN\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/Les-experts-mettent-en-garde-contre-les-pirates-de-ransomware.png\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>La soci\u00e9t\u00e9 de cybers\u00e9curit\u00e9 a d\u00e9clar\u00e9 que le cadre C2 pourrait avoir \u00e9t\u00e9 utilis\u00e9 par l&#8217;acteur malveillant depuis d\u00e9but 2020, avec des attaques r\u00e9centes l&#8217;exploitant \u00e0 la place de PhonyC2, une autre plate-forme C2 personnalis\u00e9e de MuddyWater qui a \u00e9t\u00e9 r\u00e9v\u00e9l\u00e9e en juin 2023 et qui a son code source. fuite.<\/p>\n<p>Les s\u00e9quences d&#8217;attaques typiques observ\u00e9es au fil des ann\u00e9es impliquent l&#8217;envoi d&#8217;e-mails de spear phishing contenant des archives contenant des logiciels malveillants ou de faux liens menant au d\u00e9ploiement d&#8217;outils d&#8217;administration \u00e0 distance l\u00e9gitimes.<\/p>\n<p>L&#8217;installation du logiciel d&#8217;administration \u00e0 distance ouvre la voie \u00e0 la livraison de charges utiles suppl\u00e9mentaires, dont PhonyC2.<\/p>\n<p>Le modus operandi de MuddyWater a depuis fait peau neuve, en utilisant des archives prot\u00e9g\u00e9es par mot de passe pour \u00e9chapper aux solutions de s\u00e9curit\u00e9 de messagerie et en distribuant un ex\u00e9cutable au lieu d&#8217;un outil d&#8217;administration \u00e0 distance.<\/p>\n<p>&#8220;Cet ex\u00e9cutable contient un script PowerShell int\u00e9gr\u00e9 qui se connecte automatiquement au C2 de MuddyWater, \u00e9liminant ainsi le besoin d&#8217;une ex\u00e9cution manuelle par l&#8217;op\u00e9rateur&#8221;, a expliqu\u00e9 Kenin.<\/p>\n<div class=\"check_two clear babsi\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/pjHvTZON\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/11\/Turla-met-a-jour-la-porte-derobee-Kazuar-avec-une.gif\" width=\"727\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Le serveur MuddyC2Go, en retour, envoie un script PowerShell, qui s&#8217;ex\u00e9cute toutes les 10 secondes et attend d&#8217;autres commandes de l&#8217;op\u00e9rateur.<\/p>\n<p>Bien que l&#8217;\u00e9tendue compl\u00e8te des fonctionnalit\u00e9s de MuddyC2Go soit inconnue, il est soup\u00e7onn\u00e9 d&#8217;\u00eatre un framework charg\u00e9 de g\u00e9n\u00e9rer des charges utiles PowerShell afin de mener des activit\u00e9s post-exploitation.<\/p>\n<p>&#8220;Nous recommandons de d\u00e9sactiver PowerShell si cela n&#8217;est pas n\u00e9cessaire&#8221;, a d\u00e9clar\u00e9 Kenin.  &#8220;S&#8217;il est activ\u00e9, nous recommandons une surveillance \u00e9troite de l&#8217;activit\u00e9 PowerShell.&#8221;<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/11\/muddyc2go-new-c2-framework-iranian.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80209 novembre 2023\ue804R\u00e9dactionCyberattaque\/logiciel malveillant Des acteurs \u00e9tatiques iraniens ont \u00e9t\u00e9 observ\u00e9s en utilisant un cadre de commandement et de contr\u00f4le (C2) jusqu\u2019alors non document\u00e9 appel\u00e9 BoueuxC2Go dans le cadre d&#8217;attaques visant Isra\u00ebl. &#8220;Le composant Web du framework est \u00e9crit dans le langage de programmation Go&#8221;, a d\u00e9clar\u00e9 Simon Kenin, chercheur en s\u00e9curit\u00e9 chez Deep Instinct. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1009585,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,4176,4168,841,4165,4161,200267,10783,6012,4159,4171,65,200271,200268,213920,680,200269,200270,164,4394,128318,4172,4169,1282,4166,4164],"class_list":["post-1009584","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-cadre","tag-comment-pirater","tag-contre","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-iraniens","tag-israel","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-les","tag-logiciel-malveillant-rancongiciel","tag-mises-a-jour-sur-la-cybersecurite","tag-muddyc2go","tag-nouveau","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-par","tag-pirates","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-utilise","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1009584","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=1009584"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/1009584\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/1009585"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=1009584"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=1009584"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=1009584"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}