October 19, 2023 at 10:35AM
An Iranian state-aligned APT known as MuddyWater has conducted a spying campaign on an unnamed Middle Eastern government for eight months. Symantec, which tracks the group, identified daily efforts to steal sensitive government data using custom malware tools. The campaign, which went undetected, involved accessing various computers on the network and deploying different hacking tools. MuddyWater has been active in the Middle East since at least 2014, conducting spying campaigns across multiple sectors.
According to meeting notes, the Iranian state-aligned advanced persistent threat (APT) group known as MuddyWater conducted a spying campaign on an unnamed Middle Eastern government using new custom malware tools. The campaign lasted eight months, from February to September, and went undetected despite the attackers accessing multiple computers and stealing sensitive government data. MuddyWater, also known as Crambus, APT34, Helix Kitten, and OilRig, is known for its cyber espionage activities in the Middle East. The group deployed four custom malware tools, three of which were previously unknown, and also used popular open source hacking tools. This mix of legitimate and previously unseen tools allowed the group to stay under the radar, and it has recently resurfaced after being exposed in previous years. MuddyWater's campaigns have targeted various sectors across the Middle East, and the group has been subject to US sanctions.