MuddyWater
Coverage of MuddyWater in the Nexus archive.
- MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
The Iranian hacking group MuddyWater has been linked to a cyber espionage campaign targeting nine organizations across nine countries in Q1 2026. The campaign used DLL side-loading to compromise industrial, electronics manufacturing, education, public-sector, financial services, and professional services sectors, according to the Threat Hunter Team from Symantec and Carbon Black.
- Iranian hackers targeted major South Korean electronics maker
Iranian hackers launched a cyber-espionage campaign targeting high-profile organizations, including a major South Korean electronics maker, across multiple sectors and countries. The hacking group MuddyWater, also known as Seedworm or Static Kitten, was behind the attack. At least nine organizations were targeted.
- Iranian government hackers using Chaos ransomware as cover, researchers say
Researchers discovered an Iranian government-backed hacking group, MuddyWater, using Chaos ransomware as a cover for their attacks. The incident was initially thought to be a Chaos ransomware attack but was later attributed to MuddyWater, tied to Iran's Ministry of Intelligence and Security. This revelation highlights the evolving tactics of state-sponsored hacking groups.
- Iran cybersnoops still LARPing as ransomware crooks in espionage ops
Iranian intelligence cyber unit posed as Chaos ransomware gang to hide state-sponsored espionage operation, using phishing campaign and social engineering to gain access to targets' credentials. The attackers then executed various commands and downloaded payloads, including backdoor malware. The operation was spotted by Researchers at Rapid7 earlier this year.
- MuddyWater hackers use Chaos ransomware as a decoy in attacks
MuddyWater Iranian hackers used Chaos ransomware as a decoy in their attacks, gaining access through Microsoft Teams social engineering and establishing persistence. The attackers relied on this tactic to disguise their operations. This approach allowed them to deceive targets about the true nature of the attack.
- MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
MuddyWater, an Iranian state-sponsored hacking group, has been attributed to a false flag ransomware attack that leverages social engineering techniques via Microsoft Teams. The attack was observed by Rapid7 in early 2026 and initiates the infection sequence. MuddyWater is also known as Mango Sandstorm, Seedworm, and Static Kitten.