New BugSleep malware implant deployed in MuddyWater attacks


The Iranian-backed MuddyWater hacking group has partially switched to using a new custom-tailored malware implant to steal files and run commands on compromised systems.

Dubbed BugSleep, this new backdoor is still actively being developed and was discovered by analysts at Check Point Research while being distributed via well-crafted phishing lures.

The campaign pushes the malware via phishing emails disguised as invitations to webinars or online courses. The emails redirect the targets to archives containing malicious payloads hosted on the Egnyte secure file-sharing platform.

Some versions found in the wild also come with a custom malware loader designed to inject the backdoor into the running processes of a handful of applications, including Microsoft Edge, Google Chrome, AnyDesk, Microsoft OneDrive, PowerShell, and Opera.
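As an added example, not code from the article or from Check Point, the snippet below shows how a defender might triage process-injection telemetry for the loader behaviour described above. It assumes Sysmon Event ID 8 (CreateRemoteThread) records have already been parsed into dictionaries with `SourceImage` and `TargetImage` fields; the sample records and the `BENIGN_SOURCES` allow-list are constructed and must be tuned per environment.

```python
# Added example: flag CreateRemoteThread events whose target is one of the
# applications the article names as injection targets for the loader.
# Sample records below are constructed, not real telemetry.
from typing import Iterable

# Process images the article lists as injection targets.
INJECTION_TARGETS = {
    "msedge.exe", "chrome.exe", "anydesk.exe",
    "onedrive.exe", "powershell.exe", "opera.exe",
}

# Source images that legitimately create remote threads in other processes
# and would otherwise flood the alert queue (assumption: tune per environment).
BENIGN_SOURCES = {"csrss.exe", "svchost.exe"}

def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def suspicious_remote_threads(events: Iterable[dict]) -> list[dict]:
    """Return Sysmon EID 8 events that create a thread in a listed target
    from an unexpected source image. Same-image events (e.g. chrome.exe
    into its own child processes) are ignored as routine."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 8:
            continue
        src = basename(ev.get("SourceImage", ""))
        dst = basename(ev.get("TargetImage", ""))
        if dst in INJECTION_TARGETS and src not in BENIGN_SOURCES and src != dst:
            hits.append({"source": src, "target": dst, "pid": ev.get("TargetProcessId")})
    return hits

# Constructed sample telemetry for a stand-alone run.
SAMPLE_EVENTS = [
    {"EventID": 8, "SourceImage": r"C:\Users\u\AppData\Local\Temp\setup.exe",
     "TargetImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "TargetProcessId": 4120},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetProcessId": 5200},
    {"EventID": 1, "Image": r"C:\Windows\explorer.exe"},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\msiexec.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "TargetProcessId": 777},
]

if __name__ == "__main__":
    for hit in suspicious_remote_threads(SAMPLE_EVENTS):
        print(f"ALERT remote thread: {hit['source']} -> {hit['target']} (pid {hit['pid']})")
```

Only the first constructed record is flagged: the csrss.exe source is allow-listed and notepad.exe is not a listed target.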

“We discovered several versions of the malware being distributed, with differences between each version showing improvements and bug fixes (and sometimes creating new bugs),” Check Point said. “These updates, occurring within short intervals between samples, suggest a trial-and-error approach.”

With the move to BugSleep, MuddyWater has stopped relying exclusively on legitimate Remote Monitoring and Management (RMM) tools such as Atera Agent and ScreenConnect to maintain access to victims’ networks.

Attacks using this new malware focus on a wide range of targets worldwide, from government organizations and municipalities to airlines and media outlets, with the targeting concentrated on Israel and some victims in Turkey, Saudi Arabia, India, and Portugal.

Exposed as Iranian intelligence agency hackers

MuddyWater (also tracked as Earth Vetala, MERCURY, Static Kitten, and Seedworm) was first seen in 2017. It is known for mainly targeting Middle Eastern entities (with a focus on Israeli targets) and continually upgrading its arsenal.

Although relatively new compared to other state-backed hacking groups, this Iranian threat group is highly active and targets many industry sectors, including telecommunications, government (IT services), and oil industry organizations.

Since it surfaced, it has slowly expanded its attacks to cyber-espionage campaigns against government and defense entities in Central and Southwest Asia, as well as organizations from North America, Europe, and Asia [1, 2, 3].

In January 2022, the U.S. Cyber Command (USCYBERCOM) officially linked MuddyWater to Iran’s Ministry of Intelligence and Security (MOIS), the country’s leading government intelligence agency.

One month later, U.S. and U.K. cybersecurity and law enforcement agencies exposed additional MuddyWater malware, a new Python backdoor dubbed Small Sieve deployed to maintain persistence and evade detection in compromised networks.
