MuddyWater, an Iranian-based cybercrime group, used legitimate company emails to install remote administration software, Syncro. Emails from legitimate-looking sources can trick people into believing them and clicking on links in them. Deep Instinct discovered this phishing operation in October and believes it’s been going on since September.