Iran-linked APT group MuddyWater has deployed RustyWater, a new Rust-based implant, in ongoing espionage campaigns against diplomatic, maritime, financial, and telecom organizations across the Middle East, with Israel the main target. The malware is a marked departure from the group's earlier PowerShell and VBS tooling: it includes anti-debugging checks, virtual-machine detection, string obfuscation, and multi-stage payload delivery. Delivered through spear-phishing emails carrying malicious ZIP archives, RustyWater establishes persistence through Windows Registry modifications and talks to command-and-control infrastructure that mimics legitimate services such as Dropbox and WordPress. The campaign uses Hebrew-language decoy documents and has been tied to intelligence-gathering operations that previously correlated with missile strikes in Israel and the Red Sea.
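The summary notes that RustyWater persists via Windows Registry modifications but does not name the keys. A defender's first hunt for that behaviour is to look at registry value-set telemetry for writes to autorun locations that point at executables outside trusted install directories. The following is an added example of that check, not code from the original report or from MuddyWater's tooling: it parses constructed Sysmon-style Event ID 13 ("RegistryEvent (Value Set)") lines, and the autorun key list, the trusted path prefixes, and the sample events are all assumptions made for the example, not confirmed RustyWater indicators.

```python
"""Hunt for registry autorun persistence in Sysmon-style value-set events.

Added example. The autorun locations below are the usual places to start a
hunt (Run, RunOnce, Winlogon Shell/Userinit); they are an assumption, since the
report only says the implant persists via "Windows Registry modifications".
"""
import re
from typing import Dict, List

# Autorun locations to check (assumption, see module docstring).
AUTORUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$"
    r"|\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\(?:Shell|Userinit)$",
    re.IGNORECASE,
)

# Directories an autorun entry is expected to launch from; anything else
# (user profile, Public, Temp, ProgramData) is treated as suspicious. Assumption.
TRUSTED_PREFIXES = (
    r"c:\program files",
    r"c:\program files (x86)",
    r"c:\windows\system32",
)

# key=value or key="value with spaces" tokens, as in a flattened Sysmon record.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> Dict[str, str]:
    """Parse one key=value event line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def executable_path(details: str) -> str:
    """Return the executable referenced by a registry value's data (drops arguments)."""
    m = re.match(r'^\s*"?(.*?\.exe)', details, re.IGNORECASE)
    return m.group(1) if m else details.strip()


def is_autorun_key(target_object: str) -> bool:
    """True when the written value sits under one of the watched autorun keys."""
    return AUTORUN_KEY_RE.search(target_object) is not None


def is_trusted_path(path: str) -> bool:
    """True when the executable lives under a trusted install directory."""
    return path.lower().strip('"').startswith(TRUSTED_PREFIXES)


def hunt(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per value-set event that plants an untrusted binary in an autorun key."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "13":          # only value-set events carry the data written
            continue
        if not is_autorun_key(ev.get("TargetObject", "")):
            continue
        exe = executable_path(ev.get("Details", ""))
        if is_trusted_path(exe):
            continue
        findings.append({
            "key": ev["TargetObject"],
            "exe": exe,
            "writer": ev.get("Image", ""),      # process that wrote the value
        })
    return findings


# Constructed sample telemetry for the example; not real captured events.
SAMPLE_EVENTS = [
    r'EventID=13 Image="C:\Windows\System32\svchost.exe" '
    r'TargetObject="HKLM\System\CurrentControlSet\Services\W32Time\Parameters\Type" Details="NTP"',
    r'EventID=13 Image="C:\Users\alice\AppData\Local\Temp\Update.exe" '
    r'TargetObject="HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\OneDriveSync" '
    r'Details="C:\Users\alice\AppData\Roaming\OneDriveSync\sync.exe"',
    r'EventID=13 Image="C:\Program Files\Vendor\setup.exe" '
    r'TargetObject="HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorAgent" '
    r'Details="C:\Program Files\Vendor\agent.exe --tray"',
    r'EventID=12 Image="C:\Windows\regedit.exe" '
    r'TargetObject="HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\RunOnce\x" Details="n/a"',
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"autorun persistence: {f['key']} -> {f['exe']} (written by {f['writer']})")
```

Only the second sample event is flagged: it is a value-set under a user Run key whose data points into the roaming profile. The vendor agent under Program Files is ignored, and the RunOnce line is an Event ID 12 (key create) with no value data, so it is skipped rather than misreported. In practice the trusted-prefix list should be tightened to known-good binaries (or a signature check), since an attacker who can write to Program Files defeats a path-only filter.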