Not Simon 🐐

2024

• July 15, 2024 – Sekoia: MuddyWater replaces Atera by custom MuddyRot implant in a recent campaign
• July 15, 2024 – Check Point Research: New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns
• May 14, 2024 – ESET Research: ESET APT Activity Report Q4 2023–Q1 2024
• April 24, 2024 – Broadcom: Seedworm exploits Atera Agent in a spear-phishing Campaign
• 22 April 2024 – HarfangLab: Increased activity from Iran sponsored APT MuddyWater, targeting Middle East, African & European organisations.
• April 08, 2024: Unit 42: Boggy Serpens (MuddyWater) Use of AutodialDLL
• April 07, 2024 – Broadcom: Seedworm distributing remote administration management software agents
• March 29, 2024 – Malwation: New MuddyWater Campaigns After Operation Swords of Iron
• March 21, 2024 – Proofpoint: Security Brief: TA450 Uses Embedded Links in PDF Attachments in Latest Campaign
• March 07, 2024 – Israel National Cyber Directorate: An active phishing campaign in Israeli territory – the Iranian attack group MuddyWater (Hebrew language)

2023

• December 19, 2023 – Symantec: Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa
• November 08, 2023 – Deep Instinct: MuddyC2Go – Latest C2 Framework Used by Iranian APT MuddyWater Spotted in Israel
• November 01, 2023 – Deep Instinct: MuddyWater eN-Able spear-phishing with new TTPs
• June 29, 2023 – Deep Instinct: PhonyC2: Revealing a New Malicious Command & Control Framework by MuddyWater
• May 5, 2023 – Microsoft: Twitter: “Microsoft has now observed Iranian state-sponsored threat actors Mint Sandstorm (PHOSPHORUS) & Mango Sandstorm (MERCURY) exploiting CVE-2023-27350.”
• May 02 2023 – ESET Research: APT groups muddying the waters for MSPs
• April 18, 2023 – Group-IB: SimpleHarm: Tracking MuddyWater’s infrastructure
• April 07, 2023 – Microsoft: MERCURY and DEV-1084: Destructive attack on hybrid environment

2022

• December 08, 2022 – Deep Instinct: New MuddyWater Threat: Old Kitten; New Tricks
• September 09, 2022 – U.S. Treasury: Treasury Sanctions Iranian Ministry of Intelligence and Minister for Malign Cyber Activities
• August 25, 2022 – Microsoft: MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations
• June 21, 2022 – Lab52: MuddyWater’s “light” first-stager targeting Middle East
• May 11, 2022 – NTT Security: Analysis of an Iranian APTs “E400” PowGoop variant reveals dozens of control servers dating back to 2020
• March 14, 2022 – EclecticIQ: MuddyWater APT attributed to Iranian Ministry of Intelligence and Security, and the Increasing Global Ransomware Threat
• March 10, 2022 – Cisco Talos: Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
• February 24, 2022 – CISA: Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
  • February 24, 2022 – NCSC-UK: Malware Analysis Report: Small Sieve (PDF)
• January 31, 2022 – Cisco Talos: Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables
• January 13, 2022 – Picus: TTPs and IOCs Used by MuddyWater APT Group in Latest Attack Campaign
• January 12, 2022 – USCYBERCOM: Iranian intel cyber suite of malware uses open source tools (ATTRIBUTION)
• January 12, 2022 – SentinelOne: Wading Through Muddy Waters | Recent Activity of an Iranian State-Sponsored Threat Actor

2021

• December 14, 2021 – Symantec: Espionage Campaign Targets Telecoms Organizations across Middle East and Asia
• March 05, 2021 – Trend Micro: Earth Vetala – MuddyWater Continues to Target Organizations in the Middle East
• February 10, 2021 – Anomali: Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies

2020

• October 21, 2020 – Symantec: Seedworm: Iran-Linked Group Continues to Target Organizations in the Middle East
• October 15, 2020 – Clearsky: Operation Quicksand
• February 26, 2020 – Secureworks: Business as Usual for Iranian Operations Despite Increased Tensions

2019

• June 09, 2019 – Trend Micro: New MuddyWater Activities Uncovered (PDF)
• June 06, 2019 – Clearsky: Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal
• May 29, 2019 – Group-IB: Catching fish in muddy waters
• May 20, 109 – Cisco Talos: Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques
• April 29, 2019 – Kaspersky: I know what you did last summer, MuddyWater blending in the crowd
• April 15, 2019 – Clearsky: Iranian APT MuddyWater Attack Infrastructure Targeting Kurdish Political Groups and Organizations in Turkey
• April 10, 2019 – Check Point: The Muddy Waters of APT Attacks
• March 07, 2019 – NSHC: SectorD02 PowerShell Backdoor Analysis

2018

• December 10, 2018 – Symantec: Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms
• November 30, 2018 – Trend Micro: New PowerShell-based Backdoor, MuddyWater Similarities
• November 28, 2018 – Clearsky: MuddyWater Operations in Lebanon and Oman
• October 10, 2018 – Kaspersky: MuddyWater expands operations
• June 14, 2018 – Trend Micro: Potential MuddyWater Campaign uses PRB-Backdoor
• March 13, 2018 – FireEye: Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign
• March 12, 2018 – Trend Micro: Potential MuddyWater Campaign Seen in the Middle East
• March 10, 2018 – Security 0wnage: A Quick Dip into MuddyWater's Recent Activity
• February 01, 2018 – Security 0wnage: Burping on MuddyWater

2017

• November 14, 2017 – Unit 42: Muddying the Water: Targeted Attacks in the Middle East
• October 04, 2017 – Security 0wnage: Continued Activity targeting the Middle East