Researchers discover RustyWater malware targeting organizations in Israel and other Middle Eastern countries

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

Iran-linked APT group MuddyWater has deployed RustyWater, a new Rust-based implant, in ongoing espionage campaigns targeting diplomatic, maritime, financial, and telecom organizations across the Middle East, particularly Israel. The malware represents a significant evolution from the group's traditional PowerShell and VBS tools, featuring anti-debugging mechanisms, VM detection, string obfuscation, and multi-stage payload delivery. Delivered via spear-phishing emails with malicious ZIP archives, RustyWater establishes persistence through Windows Registry modifications and communicates with C2 infrastructure mimicking legitimate services like Dropbox and WordPress. The campaign uses Hebrew-language decoy documents and has been linked to intelligence gathering operations that previously correlated with missile strikes in Israel and the Red Sea.

Iran-linked MuddyWater APT deploys Rust-based implant in latest campaign