New BugSleep malware implant deployed in MuddyWater attacks

Teilen:

The Iranian-backed MuddyWater hacking group has partially switched to using a new custom-tailored malware implant to steal files and run commands on compromised systems.

Dubbed BugSleep, this new backdoor is still actively being developed and was discovered by analysts at Check Point Research while being distributed via well-crafted phishing lures.

The campaign pushes the malware via phishing emails disguised as invitations to webinars or online courses. The emails redirect the targets to archives containing malicious payloads hosted on the Egnyte secure file-sharing platform.

Some versions found in the wild also come with a custom malware loader designed to inject it into the active processes of a handful of apps, including Microsoft Edge, Google Chrome, AnyDesk, Microsoft OneDrive, PowerShell, and Opera.

“We discovered several versions of the malware being distributed, with differences between each version showing improvements and bug fixes (and sometimes creating new bugs),” Check Point said. “These updates, occurring within short intervals between samples, suggest a trial-and-error approach.”

With the switch to BugSleep, MuddyWater has switched from exclusively using legitimate Remote Management Tools (RMM) like Atera Agent and Screen Connect to maintain access to victims’ networks.

Attacks using this new malware focus on a wide range of targets worldwide, from government organizations and municipalities to airlines and media outlets, with targeting Israel and some in Turkey, Saudi Arabia, India, and Portugal.

​Exposed as Iranian intelligence agency hackers

MuddyWater (also tracked as Earth Vetala, MERCURY, Static Kitten, and Seedworm) was first seen in 2017. It is known for mainly targeting Middle Eastern entities (with a focus on Israeli targets) and continually upgrading its arsenal.

Although relatively new compared to other state-backed hacking groups, this Iranian threat group is highly active and targets many industry sectors, including telecommunications, government (IT services), and oil industry organizations.

Since it surfaced, it has slowly expanded its attacks to cyber-espionage campaigns against government and defense entities in Central and Southwest Asia, as well as organizations from North America, Europe, and Asia [1, 2, 3].

In January 2022, the U.S. Cyber Command (USCYBERCOM) officially linked MuddyWater to Iran’s Ministry of Intelligence and Security (MOIS), the country’s leading government intelligence agency.

One month later, U.S. and U.K. cybersecurity and law enforcement agencies exposed additional MuddyWater malware, a new Python backdoor dubbed Small Sieve deployed to maintain persistence and evade detection in compromised networks.

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
3:20 am, Juli 11, 2025
Wetter-Symbol 19°C
L: 17° | H: 19°
broken clouds
Luftfeuchtigkeit: 78 %
Druck: 1021 mb
Wind: 7 mph E
Windböe: 0 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 60%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 4:56 am
Sonnenuntergang: 9:15 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 10:00 pm
Wetter-Symbol
17° | 19°°C 0 mm 0% 8 mph 79 % 1021 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
19° | 30°°C 0 mm 0% 10 mph 66 % 1019 mb 0 mm/h
So. Juli 13 10:00 pm
Wetter-Symbol
18° | 30°°C 0 mm 0% 7 mph 71 % 1015 mb 0 mm/h
Mo. Juli 14 10:00 pm
Wetter-Symbol
18° | 28°°C 1 mm 100% 15 mph 84 % 1016 mb 0 mm/h
Di. Juli 15 10:00 pm
Wetter-Symbol
14° | 20°°C 1 mm 100% 14 mph 81 % 1017 mb 0 mm/h
Today 4:00 am
Wetter-Symbol
17° | 18°°C 0 mm 0% 3 mph 79 % 1021 mb 0 mm/h
Today 7:00 am
Wetter-Symbol
19° | 19°°C 0 mm 0% 2 mph 75 % 1021 mb 0 mm/h
Today 10:00 am
Wetter-Symbol
24° | 27°°C 0 mm 0% 2 mph 57 % 1021 mb 0 mm/h
Today 1:00 pm
Wetter-Symbol
30° | 30°°C 0 mm 0% 3 mph 32 % 1020 mb 0 mm/h
Today 4:00 pm
Wetter-Symbol
32° | 32°°C 0 mm 0% 4 mph 26 % 1018 mb 0 mm/h
Today 7:00 pm
Wetter-Symbol
30° | 30°°C 0 mm 0% 6 mph 29 % 1017 mb 0 mm/h
Today 10:00 pm
Wetter-Symbol
23° | 23°°C 0 mm 0% 8 mph 49 % 1019 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
21° | 21°°C 0 mm 0% 5 mph 57 % 1019 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€99,000.08
4.01%
Ethereum(ETH)
€2,525.40
6.12%
Fesseln(USDT)
€0.85
-0.02%
XRP(XRP)
€2.18
4.83%
Solana(SOL)
€140.29
3.69%
USDC(USDC)
€0.85
0.00%
Dogecoin(DOGE)
€0.167386
8.15%
Shiba Inu(SHIB)
€0.000011
8.44%
Pepe(PEPE)
€0.000010
13.09%
Peanut das Eichhörnchen(PNUT)
€0.245548
22.13%
Nach oben scrollen