top of page
ALL POSTS
MuddyWater's DLL Side-Loading Espionage Campaign Spans 9 Countries
Key Findings MuddyWater conducted a widespread espionage campaign affecting at least nine organizations across nine countries on four continents in Q1 2026 Targets included a major South Korean electronics manufacturer, a Middle Eastern airport, Southeast Asian industrial firms, and Latin American financial services Attackers used DLL side-loading with legitimate binaries (fmapp.exe and sentinelmemoryscanner.exe) to execute malicious code while evading detection ChromElevator
May 263 min read
Dindoor Malware Targets U.S. Networks in New MuddyWater Campaign
Key Findings Iran-linked MuddyWater (aka SeedWorm) APT group targeted U.S. organizations, including banks, airports, nonprofits, and a software supplier to the defense and aerospace sectors The group deployed a previously unknown backdoor called Dindoor, which leverages the Deno JavaScript runtime for execution An attempt was made to exfiltrate data from the targeted software company using the Rclone utility to a Wasabi cloud storage bucket A separate Python backdoor called F
Mar 62 min read
MuddyWater Targets Turkey, Israel, and Azerbaijan with UDPGangster Backdoor
Key Findings The Iranian hacking group known as MuddyWater has been observed deploying a new backdoor called UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) communication. The cyber espionage activity targeted users in Turkey, Israel, and Azerbaijan. The attack chain involves using spear-phishing tactics to distribute booby-trapped Microsoft Word documents that trigger the execution of a malicious payload once macros are enabled. UDPGangste
Dec 8, 20252 min read
bottom of page
