Tag Archives: MuddyWater

Signs of MuddyWater Developments Found in the DNS

The cyber espionage group MuddyWater, also tracked as Mercury, ran its first major campaign as early as 2012. But as things always go in the cybersecurity realm, threat groups, especially those that gain infamy, don’t necessarily just come and go.

Such is MuddyWater’s case: instead of disappearing, it resurfaces bigger and better each time. PhonyC2—the threat group’s latest addition to its framework—is proof of that. Deep Instinct recently shone a spotlight on PhonyC2’s underbelly by publishing an in-depth investigation on the matter.

WhoisXML API used the 27 IP addresses and 12 domains identified as PhonyC2 IoCs as jump-off points for a DNS deep dive, which led to the discovery of:

  • Three additional unique IP addresses to which some of the domains identified…
