Iranian hackers known as Seedworm have targeted telecom companies in Egypt, Sudan, and Tanzania using custom tools and living-off-the-land techniques. The attacks took place in November 2023, and the hackers used a range of tools, including MuddyC2Go infrastructure, the SimpleHelp remote access tool, and Venom Proxy. The MuddyC2Go launcher executed PowerShell code to establish a connection with its command-and-control server. The attackers also used tools such as Revsocks, AnyDesk, and a custom keylogger. Businesses need to be vigilant about unusual PowerShell usage on their networks. #IranianHackers #Seedworm #CyberSecurity