It turned out that an Iranian hacking group targeted Turkey

With the development of technology, there has been a serious increase in the number of cyber attacks that threaten user security. Hackers continue to infiltrate devices that contain important information and materials, such as smartphones and computers, by trapping people with fake e-mails, messages and applications.

A while ago, it was revealed that the Iran-based hacking group MuddyWater targeted private and state organizations in Turkey. The group ensnares our country’s institutions using a method that is very popular among hackers.



MuddyWater targets Turkey with fake emails

Cisco Talos, known for its research in the field of cyber security and for having previously uncovered various cyber attacks on our country, revealed that the Iranian-backed MuddyWater hacking group had launched a cyber attack on public and private institutions in our country.

According to the researchers, the hackers use phishing emails to infiltrate the devices of these organizations. A fake e-mail is sent to the designated target; it appears to come from official institutions such as the Ministry of Health and the Ministry of Interior, but actually contains malware.

MuddyWater infiltrates the designated target’s device in a few steps. First, when the target user clicks to download the PDF attachment in the fake e-mail, a message saying that the file cannot be opened appears. Then, at the bottom of the window that opens, a download button with the phrase “download the correct extension of the file” is presented to the user.

Malicious XLS file downloaded to the target institution’s device

If the target institution or user falls into the trap and clicks the download button, the process is successfully completed for the MuddyWater hacking group. Immediately after the infiltration, various violations, especially data theft, begin.

According to Cisco Talos, the hacking group has been active since 2017 and has been carrying out attacks on the United States in particular, as well as on various European and Asian countries. It is thought to have started targeting our country as of November 2021.
