Command-and-control framework PhonyC2 attributed to Iran’s MuddyWater group

siteadmin June 30, 2023

The Iranian state-sponsored group MuddyWater is reportedly using a new command-and-control (C2) framework, named PhonyC2, to exploit vulnerabilities and conduct cyberespionage activities. This includes attacks on the Israeli software SysAid, on Technion, and on the PaperCut print management software. Deep Instinct’s report claims the framework is continuously evolving and has formed part of MuddyWater’s toolkit since 2021.