Iran-Linked Hackers Target Middle East Targets


A hacker group linked to the Iranian regime has targeted organizations active in various Middle Eastern countries, including Israel, in a new cyber campaign.

According to research by the cybersecurity company Check Point, the hacker group known as MuddyWater has attacked Azerbaijan, Portugal, Turkey, Saudi Arabia, and India, in addition to Israel, using a new proprietary malware.

This malware allows hackers to remotely execute commands on systems and transfer files between infected devices and servers.

According to cybersecurity researchers, despite its low technical quality, the MuddyWater malware is continually being developed and improved by hackers.

Hackers have sent this malware to their victims through phishing emails.

Check Point experts have identified government organizations, municipalities, media outlets, and travel agencies as the targets of these attacks.

Since the recent campaign was identified in February 2024, more than 50 phishing emails have been sent to hundreds of recipients.

Simultaneously, the cybersecurity company Sequoia reported a similar increase in attacks by the MuddyWater group on various institutions.

Their investigations show that Iranian regime hackers have targeted Azerbaijan, Israel, Jordan, Turkey, and Saudi Arabia with cyberattacks in recent months.

Another finding of this investigation is a change in the method of sending malicious links to attack victims.

In their recent campaign, hackers placed the malicious links in PDF files attached to the emails instead of directly in the body of the phishing emails.

International organizations, including the United States Cybersecurity and Infrastructure Security Agency, have attributed the MuddyWater group to the Iranian Ministry of Intelligence.

This group is also known by other names, including APT34 and OilRig.

In recent years, MuddyWater has focused on cyber espionage against private and government institutions in the Middle East and Western countries.

In November 2023, just a few weeks after the start of the Hamas-Israel war, two Israeli entities were targeted by this group.

In that attack, Iranian government hackers also used phishing emails and social engineering techniques to deceive their victims.
