MuddyWater, an Iranian government-backed cyber espionage group, has upgraded its malware with a custom backdoor, which it uses to target Israeli organizations.
US braces for Iran's revenge; Deploys guided missile submarine to protect Israel from attack
The gang has been linked to Iran's Ministry of Intelligence and Security (MOIS), which the US sanctioned in 2022 in response to its attacks on Albania and other "cyber-enabled activities against the US and its allies".
MuddyWater joined an apparent anti-Israel campaign involving several Iranian groups after the Hamas-led attacks on October 7, 2023. It has since moved on to phishing campaigns that deploy a new backdoor — called BugSleep — according to Check Point Research.
The gang's phishing moves have recently used invitations to participate in webinars and online courses. Since February, Check Point has documented more than 50 such emails sent to hundreds of individuals in ten sectors of the Israeli economy.
