Hacked Corporate Email Accounts Used to Send MSP Remote Access Tool

MuddyWater has been seen using sophisticated techniques to compromise organizations in the past. However, in this campaign, they are using a freely available tool and relatively unsophisticated tactics. This campaign demonstrates the rise of phishing and the use of legitimate remote access tools to compromise organizations, an approach that relies primarily on the human behind the screen being vulnerable. To protect against attacks such as this, organizations should actively employ an email monitoring solution and monitor their environment for popular, unapproved remote access software. Additionally, organizations should provide phishing training to their employees so they can better identify any malicious emails they may receive, even when those emails come from a legitimate vendor's email account.

https://www.bleepingcomputer.com/news/security/hacked-corporate-email-accounts-used-to-send-msp-remote-access-tool/