Symantec reports an espionage campaign targeting the telecommunications sector in Egypt, Sudan and Tanzania. The activity has been attributed to the Iranian state-sponsored threat actor MuddyWater.
According to the report, investigation of these events revealed a malicious dynamic link library (DLL) consistent with the MuddyC2Go launcher. The DLL executes a PowerShell script which, in turn, establishes the connection to the command-and-control server.
Once a foothold was achieved, the attackers downloaded a large set of hacking tools, including Impacket WMIExec, the remote access tools SimpleHelp and AnyDesk, and Venom, a proxy typically used in penetration testing. Additionally, investigators identified instances of RevSocks being installed on the compromised systems, likely to hide malicious traffic from detection.
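The tooling named in the report lends itself to a simple hunting pass over process-creation telemetry: a PowerShell process spawned by a DLL host, and the remote access and proxy tools listed above appearing in image names or command lines. The script below is an added example written for this summary, not code from Symantec or from the report; the log line format, the choice of `rundll32.exe` and `regsvr32.exe` as DLL host processes (the report does not name the host process), and the sample events are all constructed assumptions.

```python
import re
from dataclasses import dataclass

# Tool names taken from the report summary above, matched case-insensitively
# against the process image name and command line. This is a constructed
# hunting list, not a Symantec-provided indicator set.
REPORTED_TOOLS = {
    "wmiexec": "Impacket WMIExec (lateral movement)",
    "simplehelp": "SimpleHelp remote access tool",
    "anydesk": "AnyDesk remote access tool",
    "venom": "Venom proxy",
    "revsocks": "RevSocks reverse SOCKS proxy",
}

# Assumed host processes for a DLL-based launcher. The report does not say
# how the DLL is loaded, so this set is a hunting assumption.
DLL_HOST_IMAGES = {"rundll32.exe", "regsvr32.exe"}


@dataclass
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


def parse_event(line):
    """Parse one constructed key="value" process-creation log line."""
    fields = dict(re.findall(r'(\w+)="([^"]*)"', line))
    return ProcessEvent(
        parent_image=fields.get("ParentImage", ""),
        image=fields.get("Image", ""),
        command_line=fields.get("CommandLine", ""),
    )


def _basename(path):
    """Lower-cased final path component, accepting either slash style."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return the list of findings for one process-creation event."""
    findings = []
    parent = _basename(event.parent_image)
    image = _basename(event.image)
    # DLL host spawning PowerShell matches the launcher behaviour described.
    if parent in DLL_HOST_IMAGES and image.startswith("powershell"):
        findings.append(f"powershell spawned by DLL host {parent}")
    # Tool names are searched in both the image name and the command line.
    haystack = image + " " + event.command_line.lower()
    for token, label in REPORTED_TOOLS.items():
        if token in haystack:
            findings.append(f"reported tool present: {label}")
    return findings


def hunt(events):
    """Map event index to findings, omitting events with nothing to report."""
    results = {}
    for index, event in enumerate(events):
        findings = classify(event)
        if findings:
            results[index] = findings
    return results


# Constructed sample telemetry; paths and names are illustrative only.
SAMPLE_LOG_LINES = [
    r'ParentImage="C:\Windows\System32\rundll32.exe" Image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" CommandLine="powershell.exe -File C:\Users\Public\stage.ps1"',
    r'ParentImage="C:\Windows\explorer.exe" Image="C:\Program Files\AnyDesk\AnyDesk.exe" CommandLine="AnyDesk.exe --service"',
    r'ParentImage="C:\Windows\System32\cmd.exe" Image="C:\Users\Public\revsocks.exe" CommandLine="revsocks.exe"',
    r'ParentImage="C:\Windows\explorer.exe" Image="C:\Windows\System32\notepad.exe" CommandLine="notepad.exe"',
]


if __name__ == "__main__":
    for index, findings in hunt([parse_event(l) for l in SAMPLE_LOG_LINES]).items():
        print(index, findings)
```

Remote access tools such as AnyDesk and SimpleHelp are legitimately used in many environments, so a hit on those names is a triage lead rather than a verdict; the DLL-host-to-PowerShell rule is the higher-fidelity signal here, and an allow-list of sanctioned remote support software should be applied before alerting.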