S0591 ConnectWise
Platforms: 1 · ATT&CK: 14.1 · References: 3
Description
[ConnectWise](https://attack.mitre.org/software/S0591) is a legitimate remote administration tool that has been used since at least 2016 by threat actors including [MuddyWater](https://attack.mitre.org/groups/G0069) and [GOLD SOUTHFIELD](https://attack.mitre.org/groups/G0115) to connect to and conduct lateral movement in target environments.(Citation: Anomali Static Kitten February 2021)(Citation: Trend Micro Muddy Water March 2021)
Platforms · 1
Windows
Attributed to · 2
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Group | MuddyWater (G0069) | 100% | live |
| Group | GOLD SOUTHFIELD (G0115) | 100% | live |
References
- https://attack.mitre.org/software/S0591
- https://www.anomali.com/blog/probable-iranian-cyber-actors-static-kitten-conducting-cyberespionage-campaign-targeting-uae-and-kuwait-government-agencies
- https://www.trendmicro.com/en_us/research/21/c/earth-vetala---muddywater-continues-to-target-organizations-in-t.html