🚨 THREAT ALERT: New ‘UDPGangster’ Backdoor Detected 🚨

A new advanced malware campaign by the state-sponsored group MuddyWater has been discovered, and it is using a clever trick to bypass standard firewalls.

The Threat: Hiding in Plain Sight (UDP)

Most security tools focus heavily on TCP traffic. This new backdoor, dubbed “UDPGangster,” communicates exclusively over the UDP protocol (specifically port 1269) to send stolen data and receive commands. This allows it to slip past many traditional detection systems unnoticed.

Who Is Being Targeted?

Targets are approached through phishing emails, often disguised as government notifications (e.g., “Presidential Elections” or “Seminars”).

Technical Indicators for IT Teams:

  • Malicious File: seminer.doc (often delivered via zip)
  • Network Protocol: UDP (not DNS or NTP traffic)
  • Suspicious Traffic: Outbound UDP on Port 1269
  • C2 IP to Block: 157.20.182[.]75

Action Required:

🛡️ Firewall Admins: Immediately block outbound UDP traffic to the IP listed above. Review logs for unexplained UDP spikes.

📧 Users: Be hyper-vigilant with emails containing “seminar” invitations or government forms, especially if they come as zip files.
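As an added example (not code from the original alert), here is a small log-hunting script that turns the two actions above into checks: it flags flows matching the hard indicators (UDP/1269 or the C2 address) and reports hosts with an unexplained volume of non-DNS/NTP UDP flows. The flow-log format, the sample records and the spike threshold are assumptions constructed for the example; only the port and the C2 address come from the alert.

```python
"""Hunt for UDPGangster-style traffic in flow logs (added example, not the
alert author's code). Log format and the spike threshold are assumptions;
the port (1269) and the C2 address come from the alert itself."""
from collections import Counter

C2_IP = "157.20.182.75"       # written as 157.20.182[.]75 (defanged) in the alert
C2_PORT = 1269                # UDP port named in the alert
BENIGN_UDP_PORTS = {53, 123}  # DNS/NTP: the UDP services the alert excludes
SPIKE_THRESHOLD = 4           # assumption: non-DNS/NTP UDP flows per host before alerting

# Constructed sample flow records: "src_ip dst_ip proto dst_port", one flow per line
SAMPLE_LOG = """\
10.0.0.5 8.8.8.8 udp 53
10.0.0.5 157.20.182.75 udp 1269
10.0.0.7 10.0.0.1 udp 123
10.0.0.9 203.0.113.10 udp 4444
10.0.0.9 203.0.113.11 udp 4445
10.0.0.9 203.0.113.12 udp 4446
10.0.0.9 203.0.113.13 udp 4447
10.0.0.5 93.184.216.34 tcp 443
"""

def parse_flows(text):
    """Parse 'src dst proto dport' lines into dicts; skips blank or malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        flows.append({"src": parts[0], "dst": parts[1],
                      "proto": parts[2].lower(), "dport": int(parts[3])})
    return flows

def find_ioc_hits(flows):
    """Flows matching the alert's hard indicators: UDP to port 1269 or to the C2 IP."""
    return [f for f in flows
            if f["proto"] == "udp" and (f["dport"] == C2_PORT or f["dst"] == C2_IP)]

def find_udp_spikes(flows, threshold=SPIKE_THRESHOLD):
    """Hosts with many UDP flows outside DNS/NTP, i.e. the 'unexplained UDP spikes'."""
    counts = Counter(f["src"] for f in flows
                     if f["proto"] == "udp" and f["dport"] not in BENIGN_UDP_PORTS)
    return {src: n for src, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_LOG)
    for hit in find_ioc_hits(flows):
        print(f"IOC hit: {hit['src']} -> {hit['dst']}:{hit['dport']}/udp")
    for host, n in find_udp_spikes(flows).items():
        print(f"UDP spike: {host} made {n} non-DNS/NTP UDP flows")
```

Point `parse_flows` at an export of your own firewall or flow logs (after mapping the fields) to run the same checks against real traffic.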

Stay vigilant. The landscape is evolving.

#CyberSecurity #InfoSec #ThreatIntel #MuddyWater #MalwareAlert #Planetmav #NetworkSecurity
