Pierluigi Paganini March 25, 2024
Iran-Linked APT TA450 embeds malicious links in PDF attachments

In recent campaigns, Iran-linked APT group MuddyWater used a legitimate Remote Monitoring and Management (RMM) solution called Atera. Proofpoint researchers observed the Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, TA450, and Static Kitten) was behind a new phishing campaign in March 2024 that attempted to drop a legitimate Remote Monitoring and Management (RMM) solution called Atera on the target systems. […]

Pierluigi Paganini November 03, 2023
MuddyWater has been spotted targeting two Israeli entities

Iran-linked cyberespionage group MuddyWater is targeting Israeli entities in a new spear-phishing campaign. Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, and Static Kitten) is targeting Israeli entities in a new spear-phishing campaign, Deep Instinct’s Threat Research team reported. The phishing messages were aimed at deploying a legitimate remote administration tool called Advanced Monitoring Agent. This is the first time that the Iranian […]

Pierluigi Paganini December 11, 2022
MuddyWater APT group is back with updated TTPs

The Iran-linked MuddyWater APT is targeting countries in the Middle East as well as Central and West Asia in a new campaign. Deep Instinct’s Threat Research team uncovered a new campaign conducted by the MuddyWater APT (aka SeedWorm, TEMP.Zagros, and Static Kitten) that was targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and United Arab Emirates. The […]

Pierluigi Paganini January 13, 2022
USCYBERCOM: MuddyWater APT is linked to Iran’s MOIS intelligence

US Cyber Command (USCYBERCOM) has officially linked the Iran-linked MuddyWater APT group to Iran’s Ministry of Intelligence and Security (MOIS). USCYBERCOM has officially linked the Iran-linked MuddyWater APT group (aka SeedWorm and TEMP.Zagros) to Iran’s Ministry of Intelligence and Security (MOIS). The first MuddyWater campaign was observed in late 2017 when targeted entities in the Middle East. The experts called the campaign […]

Pierluigi Paganini October 23, 2020
Iran-Linked Seedworm APT target orgs in the Middle East

The Iran-linked cyber espionage group tracked as Seedworm started using a new downloader and is conducting destructive attacks. The Iran-linked cyber-espionage group Seedworm (aka MuddyWater MERCURY, and Static Kitten) was observed using a new downloader in a new wave of attacks. Security experts pointed out that the threat actor started conducting destructive attacks. Also referred to […]

Pierluigi Paganini October 06, 2020
Iran-linked APT is exploiting the Zerologon flaw in attacks

Microsoft researchers reported that Iranian cyber espionage group MuddyWater is exploiting the Zerologon vulnerability in attacks in the wild. Microsoft published a post and a series of tweets to warn of cyber attacks exploiting the Zerologon vulnerability carried out by the Iran-linked APT group known as MuddyWater, aka Mercury. The Zerologon vulnerability, tracked as CVE-2020-1472, is […]

Pierluigi Paganini June 27, 2019
Similarities and differences between MuddyWater and APT34

Security expert Marco Ramilli analyzed similarities and differences between the MuddyWater and APT34 cyberespionage groups. Many state sponsored groups have been identified over time, many of them have different names (since discovered by different organizations) and there is no an agreed standardization on the topic but many victims and some interests look very tight together. […]

Pierluigi Paganini May 21, 2019
MuddyWater BlackWater campaign used new anti-detection techniques

A recent MuddyWater campaign tracked as BlackWater shows that the APT group added new anti-detection techniques to its arsenal. Security experts at Cisco Talos attributed the recently spotted campaign tracked as “BlackWater” to the MuddyWater APT group (aka SeedWorm and TEMP.Zagros).  The researchers also pointed out that the cyber espionage group has been updating its tactics, techniques, […]

Pierluigi Paganini December 07, 2018
Experts at Yoroi – Cybaze Z-Lab analyzed MuddyWater Infection Chain

Malware researchers at Yoroi – Cybaze Z-Lab analyzed the MuddyWater Infection Chain observed in a last wave of cyber attacks. Introduction At the end of November, some Middle East countries have been targeted by a new wave of attacks related to the Iranian APT group known as “MuddyWater“: their first campaign was observed back in […]

Pierluigi Paganini November 30, 2018
New PowerShell-based Backdoor points to MuddyWater

Security researchers at Trend Micro recently discovered PowerShell-based backdoor that resembles a malware used by MuddyWater threat actor. Malware researchers at Trend Micro have discovered a Powershell-based backdoor that is very similar to a malware used by MuddyWater APT group. The first MuddyWater campaign was observed in late 2017, then researchers from Palo Alto Networks were investigating a mysterious wave […]