MuddyWater's Operation Olalampo Targets MENA Region with New Malware

MuddyWater's Operation Olalampo Targets MENA Region with New Malware

First seen 11 Apr 2026, 09:09 UTC Circleidmain.whoisxmlapi.comwww.group-ib.com 92% similarity 77.0

Article Content

Browse articles
ThreatCluster

MuddyWater, an advanced persistent threat (APT) group, has launched 'Operation Olalampo,' targeting organizations and individuals in the MENA region amid ongoing geopolitical tensions. The operation involves the deployment of new malware variants and the use of Telegram bots for command-and-control (C&C) purposes. Group-IB identified seven indicators of compromise (IoCs), including four domains and three IP addresses, all of which were confirmed to lack legitimate ownership. Investigations revealed extensive historical data for the domains and IPs, indicating potential victim communications. The threat actors' tactics and tools suggest a sophisticated approach to cyber operations. The current status of the campaign remains active, with ongoing analysis and threat detection efforts recommended. A sample of the findings is available for further investigation.

Key Points: • MuddyWater's Operation Olalampo targets the MENA region using new malware and Telegram bots. • Seven IoCs identified, including four domains and three IP addresses, all with no legitimate ownership. • Ongoing investigations reveal extensive historical data linked to the identified IoCs.

ThreatCluster AI

Timeline

2026-01-25
Victim communications detected with IoC IP addresses.
2026-02-25
Analysis of IoCs conducted by Group-IB.
2026-04-11
Operation Olalampo reported in cybersecurity news.

Community

Browse all →