MuddyWater campaign abusing Atera Agents
released on 2024-04-22 @ 04:38:31 PM
The report details an ongoing campaign by the Iranian state-sponsored threat actor MuddyWater, which has been actively abusing the legitimate remote monitoring and management (RMM) tool Atera Agent since late 2023. The group has been relying on Atera's free trial offers to generate agents registered with compromised email accounts, which lets it establish remote access to targeted systems without setting up its own infrastructure. The campaign has targeted various sectors across multiple countries through spearphishing emails that distribute the malicious Atera Agent installers.