Key Findings MuddyWater conducted a widespread espionage campaign affecting at least nine organizations across nine countries on four continents in Q1 2026 Targets included a major South Korean electronics manufacturer, a Middle Eastern airport, Southeast Asian industrial firms, and Latin American financial services Attackers used DLL side-loading with legitimate binaries (fmapp.exe and sentinelmemoryscanner.exe) to execute malicious code while evading detection ChromElevator