DarkBeatC2: The Latest MuddyWater Attack Framework

ID: df0f6e57-cdb7-51c1-b678-adf3a7194d73

STIX ID: report--df0f6e57-cdb7-51c1-b678-adf3a7194d73

Feed Name: Deep Instinct Blog

Threat Score: 85/100

Date Published: 2024-04-04

Date Updated: 2026-04-27

Author: Simon Kenin

Deep Instinct analysts describe increased Iranian state-aligned cyber activity against Israeli organisations, highlighting supply-chain intrusions (compromise of IT provider 'Rashim' and the 'Lord Nemesis' faketivist campaign), attribution and hand-offs among Iranian groups, and the discovery of a suspected MuddyWater C2 framework named 'DarkBeatC2'. The report includes PowerShell C2 snippets, analysis of how the C2 operates, related abuse of RMM tools, and an indicators appendix listing IPs and file hashes to support detection and response.
