Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

MuddyWater launches RustyWater RAT via spear-phishing across Middle East sectors

(Geoffrey Crofte / Unsplash)

By Ravie Lakshmanan

The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater.

“The campaign uses icon spoofing and malicious Word documents to deliver Rust based implants capable of asynchronous C2, anti-analysis, registry persistence, and modular post-compromise capability expansion,” CloudSEK resetter Prajwal Awasthi said in a report published this week.

The latest development reflects continued evolution of MuddyWater’s tradecraft, which has gradually-but-steadily reduced its reliance on legitimate remote access software as a post-exploitation tool in favor of a diverse custom malware arsenal comprising tools like Phoenix, UDPGangster, BugSleep (aka MuddyRot), and MuddyViper.

Read more at The Hacker News

Click to listen highlighted text!