The long-active Iranian threat group debuted various attack strains and payloads in attacks against organizations in the Middle East and Africa.

DR (DZone Research) offers insights into software development trends, industry surveys, and technology adoption patterns, providing reports, whitepapers, and analyst insights to help businesses make informed decisions and stay competitive in the ever-evolving tech landscape. By exploring DR's curated content, developers can gain insights into emerging technologies, developer preferences, and industry best practices for building innovative and market-leading software solutions. Whether you're a startup founder, product manager, or tech executive, DR offers resources to guide your strategic planning and drive business success.

Dark Reading

Iranian nation-state threat group MuddyWater has launched Operation Olalampo, a new attack campaign targeting organizations in the Middle East, North Africa, and Africa. The campaign uses spear-phishing emails with malicious Microsoft Office documents to deploy several never-before-seen malware strains: the Char backdoor (Rust-based, using Telegram as C2), GhostFetch downloader with GhostBackDoor, and HTTP_VIP downloader that deploys AnyDesk RMM. Notably, the malware shows signs of AI-assisted development, evidenced by debug strings containing emojis in the code. MuddyWater is also experimenting with exploiting public-facing server vulnerabilities as an alternative entry point, marking a tactical evolution for the group. Group-IB researchers recommend defenders use the published IoCs, YARA rules, and EDR rules to monitor for activity.

MuddyWater Targets Orgs With Fresh Malware Amid Rising Tensions