Pierluigi Paganini
December 02, 2025
Iran-linked threat actor MuddyWater targeted multiple Israeli sectors with a new MuddyViper backdoor in recent attacks. ESET researchers uncovered a new MuddyWater campaign targeting Israeli organizations and one confirmed Egyptian target. The Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) deployed custom tools to evade defenses and maintain persistence. They used a Fooder loader, […]
Pierluigi Paganini
November 20, 2025
Iran-linked actors mapped ship AIS data ahead of a missile strike attempt, highlighting the rise of cyber operations enabling real-world attacks. Iran-linked threat actors mapped ship Automatic Identification System (AIS) data shortly before an attempted missile strike, showing how Tehran-aligned groups use cyber operations to support and amplify real-world kinetic attacks. The research demonstrates that […]
Pierluigi Paganini
August 12, 2025
Researchers at cybersecurity firm Profero cracked DarkBit ransomware encryption, allowing victims to recover files for free. Good news for the victims of the DarkBit ransomware, researchers at cybersecurity firm Profero cracked the encryption process, allowing victims to recover files for free without paying the ransom. However, at this time, the company has yet to release […]
Pierluigi Paganini
March 25, 2024
In recent campaigns, Iran-linked APT group MuddyWater used a legitimate Remote Monitoring and Management (RMM) solution called Atera. Proofpoint researchers observed the Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, TA450, and Static Kitten) was behind a new phishing campaign in March 2024 that attempted to drop a legitimate Remote Monitoring and Management (RMM) solution called Atera on the target systems. […]
Pierluigi Paganini
November 03, 2023
Iran-linked cyberespionage group MuddyWater is targeting Israeli entities in a new spear-phishing campaign. Iran-linked APT group MuddyWater (aka SeedWorm, TEMP.Zagros, and Static Kitten) is targeting Israeli entities in a new spear-phishing campaign, Deep Instinctâs Threat Research team reported. The phishing messages were aimed at deploying a legitimate remote administration tool called Advanced Monitoring Agent. This is the first time that the Iranian […]
Pierluigi Paganini
December 11, 2022
The Iran-linked MuddyWater APT is targeting countries in the Middle East as well as Central and West Asia in a new campaign. Deep Instinctâs Threat Research team uncovered a new campaign conducted by the MuddyWater APT (aka SeedWorm, TEMP.Zagros, and Static Kitten) that was targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and United Arab Emirates. The […]
Pierluigi Paganini
January 13, 2022
US Cyber Command (USCYBERCOM) has officially linked the Iran-linked MuddyWater APT group to Iran’s Ministry of Intelligence and Security (MOIS). USCYBERCOM has officially linked the Iran-linked MuddyWater APT group (aka SeedWorm and TEMP.Zagros) to Iran’s Ministry of Intelligence and Security (MOIS). The first MuddyWater campaign was observed in late 2017 when targeted entities in the Middle East. The experts called the campaign […]
Pierluigi Paganini
October 23, 2020
The Iran-linked cyber espionage group tracked as Seedworm started using a new downloader and is conducting destructive attacks. The Iran-linked cyber-espionage group Seedworm (aka MuddyWater MERCURY, and Static Kitten) was observed using a new downloader in a new wave of attacks. Security experts pointed out that the threat actor started conducting destructive attacks. Also referred to […]
Pierluigi Paganini
October 06, 2020
Microsoft researchers reported that Iranian cyber espionage group MuddyWater is exploiting the Zerologon vulnerability in attacks in the wild. Microsoft published a post and a series of tweets to warn of cyber attacks exploiting the Zerologon vulnerability carried out by the Iran-linked APT group known as MuddyWater, aka Mercury. The Zerologon vulnerability, tracked as CVE-2020-1472, is […]
Pierluigi Paganini
June 27, 2019
Security expert Marco Ramilli analyzed similarities and differences between the MuddyWater and APT34 cyberespionage groups. Many state sponsored groups have been identified over time, many of them have different names (since discovered by different organizations) and there is no an agreed standardization on the topic but many victims and some interests look very tight together. […]
Security / December 02, 2025
Cyber Crime / December 02, 2025
