Cybersecurity News & Analysis • defconxt • © 2026 • blacktemple.net

Tag: muddywater

high • Data Breaches & Incidents

Iran's MuddyWater Targets US Firms, macOS Stealer Campaign, and HIBP Surge

Iran's MuddyWater hackers deployed the new Dindoor backdoor against US companies, while cybercriminals used fake CleanMyMac sites to distribute macOS stealer malware. Meanwhile, Have I Been Pwned processed five major breaches in two days, highlighting an acceleration in data compromise incidents.

Mar 10, 2026 • Hackread, Troy Hunt
muddywater, apt, macos
🇮🇷 MuddyWater

high • Nation-State & APT

Iranian APT Groups Intensify Cyber Operations Against U.S. and Middle East Infrastructure

Check Point researchers observed Iran-linked actors targeting IP cameras across Israel and Gulf states for military intelligence, while Broadcom's Symantec team uncovered MuddyWater deploying the new Dindoor backdoor against U.S. banks, airports, and nonprofits.

Mar 7, 2026 • Security Affairs
iran, muddywater, apt
🇮🇷 MuddyWater

critical • Vulnerabilities & Exploits

Critical Vulnerabilities Under Attack: CISA Adds CVSS 9.8 Flaws While APTs Deploy New Tools

CISA confirmed active exploitation of critical vulnerabilities in Hikvision cameras and Rockwell automation systems. Meanwhile, Iranian MuddyWater hackers target US organizations with the new Dindoor backdoor, and Chinese APT UAT-9244 deploys sophisticated implants against South American telecommunications infrastructure.

Mar 6, 2026 • The Hacker News, Microsoft Security, SANS ISC, MSRC Security Updates
cisa-kev, critical-vulnerabilities, apt-campaigns
🇨🇳 Salt Typhoon, 🇮🇷 MuddyWater
🇨🇳 Hikvision

high • Nation-State & APT

Nation-State Activity Roundup: APT28 MacroMaze Campaign, MuddyWater Operations, and Mass Infrastructure Compromises

Multiple nation-state groups remain active with APT28 deploying basic tooling in Operation MacroMaze and MuddyWater conducting Operation Olalampo. Separately, threat actors compromised 900 Sangoma FreePBX instances through CVE-2025-64328 exploitation, maintaining persistent web shell access.

Mar 1, 2026 • Security Affairs
apt28, muddywater, freepbx
🇷🇺 APT28, 🇮🇷 MuddyWater

high • Industry & Policy

Digital Frontlines Weekly: AI-Armed Amateurs, Iranian Campaigns, and ATM Jackpotting Surge

The cybersecurity landscape shows concerning democratization trends as AI tools enable amateur hackers to compromise enterprise infrastructure at scale. Meanwhile, established threat actors continue evolving their arsenals with new malware variants and AI-enhanced campaigns.

Feb 24, 2026 • Dark Reading, Infosecurity Magazine
threat-intelligence, ai-security, fortigate
🇮🇷 MuddyWater

high • Vulnerabilities & Exploits

Supply Chain Worms and State-Sponsored Malware: Weekend Threat Roundup

An active npm supply chain worm harvests crypto keys and CI secrets, while Iranian APT MuddyWater deploys new malware targeting MENA organizations in a coordinated campaign.

Feb 23, 2026 • The Hacker News, SANS ISC
supply-chain, npm, malware
🇮🇷 MuddyWater, 🇷🇺 Sandworm