MuddyWater is a apt_group tracked across 31 threat clusters and 55 intelligence report mentions on ThreatCluster. First observed October 30, 2025; most recent activity July 7, 2026.
MuddyWater, an advanced persistent threat (APT) group, has launched 'Operation Olalampo,' targeting organizations and individuals in the MENA region amid ongoing geopolitical tensions. The operation involves the…
In early 2026, the Iranian APT group MuddyWater, affiliated with the Ministry of Intelligence and Security, executed a sophisticated cyber operation disguised as a Chaos ransomware attack. Utilizing social engineering…
In 2026, Iranian APT groups, notably Cavern Manticore and OilRig, have intensified cyber operations against Israeli organizations, primarily in the IT and government sectors. Cavern Manticore employs a modular…
CVE-2026-21514 is a security feature bypass vulnerability in Microsoft Word, disclosed on February 10, 2026. This flaw allows attackers to exploit nearly 14 million assets across seven Tier 1 countries, primarily in the…
China-linked hackers targeted Qatar by using fake war news to distribute PlugX backdoor malware. This attack aims to infiltrate and spy on critical sectors, including military and energy. The operation highlights the…
A threat group resembling MuddyWater has executed a reconnaissance and intrusion operation targeting over 12,000 internet-facing systems in the Middle East. The attack focused on critical sectors, including aviation,…
The Iranian nation-state group Boggy Serpens, also known as MuddyWater, has intensified its cyberespionage activities, targeting diplomatic missions, energy companies, maritime operators, and financial institutions.…
On May 19, 2026, Microsoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) operation that provided over 1,000 fraudulent code-signing certificates to cybercriminals, enabling them to disguise malware as…
Recent cybersecurity reports detail the exploitation of software vulnerabilities in client applications, particularly targeting web browsers and Microsoft Office. Adversaries utilize techniques such as Drive-by…
BeyondTrust has issued a warning regarding a critical remote code execution (RCE) vulnerability in its Remote Support and Privileged Remote Access software. The flaw, tracked as CVE-2026-1731, allows unauthenticated…