
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 2,019 of 2,445   
   Mike Powell to All   
   Iranian hackers target Is   
   04 Dec 25 10:25:14   
   
   TZUTC: -0500   
   MSGID: 1776.consprcy@1:2320/105 2d96e4ca   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Iranian hacker group deploys malicious Snake game to target Egyptian and   
   Israeli critical infrastructure   
      
   Date:   
   Wed, 03 Dec 2025 16:44:00 +0000   
      
   Description:   
   MuddyWater has deployed more sophisticated techniques and malware in a string   
   of attacks targeting Israel and Egypt.   
      
   FULL STORY   
      
   An Iranian-aligned hacking group tracked as 'MuddyWater' has dramatically   
   shifted tactics in attacks against Israeli and Egyptian critical   
   infrastructure.    
      
   Previous campaigns by the group, observed by ESET Research, were
   characteristically noisy in their tactics, techniques, and procedures (TTPs),
   making them easily detectable.
      
   However, the group has begun employing a new backdoor deployed via the Fooder   
   loader, which often disguises itself as the classic Snake game.   
      
   MuddyVipers, snakes, and ladders   
      
   The attacks have typically targeted Israeli telecommunications, governmental,   
   and oil and energy sectors. In this campaign, MuddyWater began by    
   distributing spearphishing emails with PDF attachments linking to free remote   
   monitoring and management (RMM) software, with the install files hosted on   
   OneHub, Egnyte, Mega, and other free file hosting services.    
      
   Rather than installing legitimate RMM software, the files instead install   
   loaders through which attackers can deploy backdoors. In the attacks observed   
   by ESET, a newly identified loader known as Fooder deploys the MuddyViper   
   backdoor.    
      
   Fooder has a unique characteristic - it often masquerades as the Snake game.   
   This technique is more than just a disguise, as the core logic of Snake   
   provides the loader with a custom delay function, allowing it to hide its    
   true function from analysis.    
      
   The MuddyViper backdoor is also previously unobserved. Written in the C/C++   
   programming language, MuddyViper is capable of collecting system information,   
   downloading and uploading files, executing files and shell commands, and   
   stealing Windows credentials and browser data by displaying a fake Windows   
   Security dialog.   
      
   The MuddyWater campaign targeted 17 organizations in Israel across a range of   
   sectors including engineering, local government, manufacturing, technology,   
   transportation, utilities, and universities. The group also targeted an   
   Egyptian organization in the tech sector.    
      
   For greater insight into the MuddyWater campaign, as well as indicators of
   compromise, take a look at ESET's 'MuddyWater: Snakes by the riverbank'
   research (in the article link below).
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/iranian-hacker-group-deploys-malicious-snake-game-to-target-egyptian-and-israeli-critical-infrastructure
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca