Insight Into TTPs Of A Middle Eastern Threat Actor

Explore the tactics, techniques, and procedures of MuddyWater, a Middle Eastern threat actor, in this 33-minute conference talk from the Hack In The Box Security Conference. Delve into the group's cyber espionage activities targeting government organizations and industries across the Middle East and Central Asia. Examine their spear-phishing techniques, macro-powered attachments, and various backdoors used for infiltration. Analyze the unique capabilities of their malware, including disk wiping and anti-analysis features. Discover how the threat actor uses hacked websites as PHP proxies for stealthy command and control communication. Learn about the evolution of MuddyWater's tools and strategies, from initial infection vectors to post-exploitation tools. Gain insights into the attacker's mistakes, including uncontrolled proxies, weak cryptography, and poor operational security. Benefit from the expertise of Jaromir Horejsi, a Trend Micro threat researcher, as he shares his findings on preventing and hunting these sophisticated threats.

Introduction
Infection vector
Delivery methods - documents
Delivery methods - trojanized keygens
Post-exploitation tools - Python
Infrastructure - backend
Attacker's mistakes - uncontrolled proxies
Attacker's mistakes - weak crypto
Attacker's mistakes - bad OPSEC
Conclusion