"Middle East-Linked Hacking Group Is Working Hard to Mask Its Moves"
Researchers from Cisco's Talos have discovered that BlackWater, a hacking group supposedly linked to the Middle East, is trying to mask its activities by circumventing host-based signatures and YARA signatures. According to the researchers, these hackers have successfully evaded detection systems through the use of PowerShell stager attacks and a Visual Basic for Applications (VBA) script, in addition to a separate command and control server. The actors behind BlackWater and the Iranian threat group MuddyWater are believed to be related, as the code used by the two groups is the same and their targets are similar. This article continues to discuss the BlackWater hacking group in relation to its obfuscating tactics, tools, targets, and supposed links.
CyberScoop reports "Middle East-Linked Hacking Group Is Working Hard to Mask Its Moves"