The PolySwarm Blog

Verticals Targeted: Diplomatic, Maritime, Financial, Telecom
Regions Targeted: Middle East
Related Families: Archer RAT / RUSTRIC

Executive Summary

A spear-phishing campaign linked to the Muddy Water APT group was observed deploying a new Rust-based implant called RustyWater against organizations in the Middle East. This evolution from legacy PowerShell and VBS tooling introduces enhanced modularity, anti-analysis features, and asynchronous command-and-control capabilities.

Executive Summary

Iranian threat actors were observed targeting a hybrid environment using ransomware as a decoy for destructive attacks.

Key Takeaways

Background

Iranian threat actor group Muddy Water has been very active in the last few months. In February, CISA issued an alert warning that the group was conducting a campaign targeting global government and commercial networks. Earlier this month, Cisco’s Talos Intelligence published a blog post on Muddy Water activity targeting Turkey and other countries.