A direct operational link between Iran’s MuddyWater espionage group and the Russian TAG-150 CastleRAT malware-as-a-service (MaaS) platform, showing how state and criminal ecosystems are now tightly intertwined. Investigators recovered 15 malware samples, including at least two CastleRAT “builds” and a PowerShell script named reset.ps1 that deploys a previously undocumented JavaScript/Node.js agent dubbed ChainShell. On this server, two native […] The post Hackers Tie Iranian Espionage to CastleRAT and ChainShell appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/castlerat-and-chainshell/
