MuddyWater Targets 100+ Government Entities in MEA With Phoenix Backdoor

MuddyWater, a notorious cyber espionage group, has intensified its operations targeting over 100 government entities across the Middle East and Africa (MEA) region. The group employs the Phoenix backdoor malware to infiltrate and maintain persistent access to sensitive networks. This campaign highlights the increasing sophistication and reach of MuddyWater, emphasizing the need for robust cybersecurity measures among government organizations. The Phoenix backdoor allows attackers to execute commands, exfiltrate data, and evade detection, posing significant risks to national security and critical infrastructure. Organizations are urged to update their security protocols, conduct thorough network monitoring, and apply timely patches to mitigate these threats. This incident underscores the evolving tactics of state-sponsored threat actors and the importance of international collaboration in cyber defense.

This Cyber News was published on www.darkreading.com. Publication date: Wed, 22 Oct 2025 14:05:10 +0000
