Threat Landscape Dashboard

Assessing today's threats and the relationships between them

Operation MuddyWater POWERSTATS V3

The campaign targets a range of sectors with spear-phishing emails delivered from compromised legitimate accounts to drop a PowerShell-based backdoor labeled POWERSTATS v3. After gaining access to the network, the attackers can upload various data from the infected host, including system information, screenshots, and commands executed via cmd.exe. The group behind the attacks has been in operation since at least 2018 and continues to expand and update its tools and attack vectors.
Name | Modified Date | Sources
Operation MuddyWater POWERSTATS V3 | 2019-06-11 |