MuddyWater's Operation Olalampo Targets MENA Region with New Malware
Severity: High (Score: 77.0)
Sources: main.whoisxmlapi.com, Circleid, www.group-ib.com
Summary
MuddyWater, an advanced persistent threat (APT) group, has launched 'Operation Olalampo', a campaign against organizations and individuals in the MENA region amid ongoing geopolitical tensions. The operation deploys new malware variants and uses Telegram bots as the command-and-control (C&C) channel. Group-IB identified seven indicators of compromise (IoCs): four domains and three IP addresses, none of which could be attributed to a legitimate owner. Follow-up investigation found extensive historical data for these domains and IPs, which may reflect communications with victims. The actors' tactics and tooling indicate a sophisticated operation. The campaign remains active; continued analysis and threat detection are recommended. A sample of the findings is available for further investigation.

Key Points:
• MuddyWater's Operation Olalampo targets the MENA region using new malware and Telegram bots for C&C.
• Seven IoCs identified: four domains and three IP addresses, none with a legitimate owner.
• Ongoing investigation has surfaced extensive historical data linked to the identified IoCs.
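As an added illustration, not part of the Group-IB or WhoisXML API findings: detection logic for the Telegram bot C&C pattern (T1071) described above, run over a constructed web-proxy log. The log format, host names, bot ids and tokens are invented for this example; only the Bot API URL shape (api.telegram.org/bot<token>/<method>) is Telegram's. The report does not say which Bot API methods the malware calls, so the poll-plus-send heuristic below is an assumption about what a two-way channel over the Bot API would look like.

```python
"""Flag Telegram Bot API traffic in web-proxy logs (MITRE ATT&CK T1071).

Added example, not code from the original report. The log format and the
sample lines are constructed; only the Bot API URL shape is Telegram's.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

TELEGRAM_API_HOST = "api.telegram.org"
# Every Bot API call is https://api.telegram.org/bot<token>/<method>, where the
# token is "<numeric bot id>:<secret>". Only the bot id is reported below; the
# secret is a live credential and should not be copied into tickets or dashboards.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)/?$"
)
# Assumed C2 loop: poll for operator input, send output back.
POLL_METHODS = {"getUpdates"}
SEND_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}

# Constructed proxy log (not campaign data), pipe-separated:
# timestamp|source host|user agent|HTTP method|URL
SAMPLE_PROXY_LOG = """\
2024-05-02T08:13:01Z|ws-017|Mozilla/5.0 (Windows NT 10.0)|GET|https://web.telegram.org/a/
2024-05-02T08:13:05Z|ws-017|Mozilla/5.0 (Windows NT 10.0)|GET|https://api.telegram.org/bot7123456789:AAHexample-secret_0/getUpdates?offset=12
2024-05-02T08:13:06Z|ws-017|Mozilla/5.0 (Windows NT 10.0)|POST|https://api.telegram.org/bot7123456789:AAHexample-secret_0/sendDocument
2024-05-02T08:14:00Z|ws-042|Mozilla/5.0 (Windows NT 10.0)|GET|https://www.example.com/index.html
2024-05-02T08:14:11Z|ws-042|python-requests/2.31|POST|https://api.telegram.org/bot7123456789:AAHexample-secret_0/sendMessage
2024-05-02T08:15:30Z|ws-099|Mozilla/5.0 (Windows NT 10.0)|GET|https://api.telegram.org/bot5550001111:BBanotherbot_secret/getMe
"""


def parse_bot_api_request(url: str):
    """Return (bot_id, method) if url is a Telegram Bot API call, else None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != TELEGRAM_API_HOST:
        return None
    m = BOT_PATH_RE.match(parts.path)
    if not m:
        return None
    return m.group("bot_id"), m.group("method")


def detect_telegram_c2(log_text: str):
    """Group Bot API calls by bot id and decide which look like a C2 channel.

    A bot is flagged when it both polls (getUpdates) and sends data back
    (send*), or when one bot token is used from more than one source host.
    Returns bot_id -> {"hosts": [...], "methods": [...], "flagged": bool, "reasons": [...]}.
    """
    by_bot = defaultdict(lambda: {"hosts": set(), "methods": set()})
    for line in log_text.splitlines():
        fields = line.split("|")
        if len(fields) != 5:
            continue  # malformed line: skip rather than abort the whole run
        _ts, src_host, _ua, _http_method, url = fields
        hit = parse_bot_api_request(url)
        if hit is None:
            continue
        bot_id, method = hit
        by_bot[bot_id]["hosts"].add(src_host)
        by_bot[bot_id]["methods"].add(method)

    findings = {}
    for bot_id, info in by_bot.items():
        reasons = []
        if info["methods"] & POLL_METHODS and info["methods"] & SEND_METHODS:
            reasons.append("polls getUpdates and sends data back: two-way channel")
        if len(info["hosts"]) > 1:
            reasons.append("same bot token used from %d hosts" % len(info["hosts"]))
        findings[bot_id] = {
            "hosts": sorted(info["hosts"]),
            "methods": sorted(info["methods"]),
            "flagged": bool(reasons),
            "reasons": reasons,
        }
    return findings


if __name__ == "__main__":
    for bot_id, f in detect_telegram_c2(SAMPLE_PROXY_LOG).items():
        state = "FLAGGED" if f["flagged"] else "seen"
        print(f"bot {bot_id}: {state}; hosts={f['hosts']} methods={f['methods']} {f['reasons']}")
```

Two caveats when adapting this to real logs: the official Telegram clients do not use the Bot API, so in a managed environment any /bot<token>/ request from a workstation is worth a look even when it does not trip the heuristic; and bot file downloads use the separate path https://api.telegram.org/file/bot<token>/<file_path>, which this regex deliberately leaves unmatched and which you may want to cover with a second pattern.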
Key Entities
- MuddyWater (apt_group)
- Malware (attack_type)
- Operation Olalampo (campaign)
- T1071 - Application Layer Protocol (mitre_attack)
- Telegram (platform)