To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Got it!
Search a title or topic

Over 20 million podcasts, powered by 

Player FM logo
Artwork

Tech Meni Tasa
Content provided by Meni Tasa. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Meni Tasa or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

CyberBrief Project « »
When IT Tools Become the Attack

5:43
 
Play
Playing
Share
 

MP3Episode home
Manage episode 498969947 series 3682380
Content provided by Meni Tasa. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Meni Tasa or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

"Send me a quick text"

In this episode, we explore a stealthy credential access campaign attributed to the Iranian-linked group MuddyWater, also known as TA450.

The attack began with a phishing email that delivered a legitimate installer for the Atera Agent—used to quietly gain remote access to the victim’s machine. From there, the attackers used built-in scripting tools to extract credential-related data, mapped the domain, and created a persistent SSH tunnel. They later deployed a second RMM tool to reinforce their access.

Defensive Recommendations:

  • Block installation of RMM tools like Atera or Level RMM unless deployed by authorized teams
  • Monitor for new outbound SSH connections, especially from workstations
  • Restrict PowerShell execution and logging, particularly for registry access or remote scripts
  • Implement alerts for sudden use of remote access tools during off-hours or by non-admin users
  • Maintain a baseline of approved software, and alert on deviations

Tools and Infrastructure Observed:

  • Atera Agent (installed by user via phishing lure)
  • Level RMM (retrieved via obfuscated PowerShell command)
  • SSH tunnel to remote infrastructure (used for persistence and control)

Support the show

Thanks for spending a few minutes on the CyberBrief Project.

If you want to dive deeper or catch up on past episodes, head over to cyberbriefproject.buzzsprout.com.

You can also find the podcast on YouTube at youtube.com/@CyberBriefProject I’d love to see you there.

And if you find these episodes valuable and want to support the project, you can do that here: buzzsprout.com/support

Your support means a lot.

See you in the next one, and thank you for listening.

  continue reading

12 episodes

#Tech #Meni Tasa
Artwork

When IT Tools Become the Attack

CyberBrief Project

published

Play Playing
iconShare
 
MP3Episode home
Manage episode 498969947 series 3682380
Content provided by Meni Tasa. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Meni Tasa or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.

"Send me a quick text"

In this episode, we explore a stealthy credential access campaign attributed to the Iranian-linked group MuddyWater, also known as TA450.

The attack began with a phishing email that delivered a legitimate installer for the Atera Agent—used to quietly gain remote access to the victim’s machine. From there, the attackers used built-in scripting tools to extract credential-related data, mapped the domain, and created a persistent SSH tunnel. They later deployed a second RMM tool to reinforce their access.

Defensive Recommendations:

  • Block installation of RMM tools like Atera or Level RMM unless deployed by authorized teams
  • Monitor for new outbound SSH connections, especially from workstations
  • Restrict PowerShell execution and logging, particularly for registry access or remote scripts
  • Implement alerts for sudden use of remote access tools during off-hours or by non-admin users
  • Maintain a baseline of approved software, and alert on deviations

Tools and Infrastructure Observed:

  • Atera Agent (installed by user via phishing lure)
  • Level RMM (retrieved via obfuscated PowerShell command)
  • SSH tunnel to remote infrastructure (used for persistence and control)

Support the show

Thanks for spending a few minutes on the CyberBrief Project.

If you want to dive deeper or catch up on past episodes, head over to cyberbriefproject.buzzsprout.com.

You can also find the podcast on YouTube at youtube.com/@CyberBriefProject I’d love to see you there.

And if you find these episodes valuable and want to support the project, you can do that here: buzzsprout.com/support

Your support means a lot.

See you in the next one, and thank you for listening.

  continue reading

12 episodes

#Tech #Meni Tasa

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Listen to 500+ topics
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play
icon
Help/FAQ | Advertise with Us
Arts|Business|Comedy|Economics|Entertainment|News|Politics|Religion
Science|Soccer|Sports|Storytelling|Technology|True Crime
Copyright 2025 | Privacy Policy | Terms of Service | | Copyright
Episode being played series thumbnail
icon icon
Speed
Series settings
1x
1x
Volume
100%
icon
icon icon
/

View Player FM in...
Player FM
Browser
Chrome
Safari
Firefox
Listen to this show while you explore
Play