Iran-linked APT group MuddyWater has deployed RustyWater, a new Rust-based implant, in ongoing espionage campaigns targeting diplomatic, maritime, financial, and telecom organizations across the Middle East, particularly in Israel. The malware marks a significant evolution from the group's traditional PowerShell and VBS tooling, featuring anti-debugging mechanisms, VM detection, string obfuscation, and multi-stage payload delivery. Delivered via spear-phishing emails carrying malicious ZIP archives, RustyWater establishes persistence through Windows Registry modifications and communicates with C2 infrastructure that mimics legitimate services such as Dropbox and WordPress. The campaign uses Hebrew-language decoy documents and has been linked to intelligence-gathering operations that previously correlated with missile strikes in Israel and the Red Sea.

From csoonline.com