Select Page

The Iran-linked MuddyWater threat actor has been observed targeting several countries in the Middle East as well as Central and West Asia as part of a new spear-phishing activity.

“The campaign has been observed targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and the United Arab Emirates,” Deep Instinct researcher Simon Kenin said in a technical write-up.

MuddyWater, also called Boggy Serpens, Cobalt Ulster, Earth Vetala, Mercury, Seedworm, Static Kitten, and TEMP.Zagros, is said to be a subordinate element within Iran’s Ministry of Intelligence and Security (MOIS).

Active since at least 2017, attacks mounted by the espionage group have typically targeted telecommunications, government, defence, and oil sectors.

The current intrusion set follows MuddyWater’s long-running modus operandi of using phishing lures that contain direct Dropbox links or document attachments with an embedded URL pointing to a ZIP archive file.

images from Hacker News