⚠️ Region Alert: UAE/Middle East
The Iranian hacking group MuddyWater, also tracked as Mango Sandstorm, has launched a new campaign dubbed Operation Olalampo, primarily targeting organizations across the Middle East and North Africa. The operation uses several malware families: the GhostFetch and HTTP_VIP downloaders, the GhostBackDoor implant, and a Rust-based backdoor named CHAR. Initial access typically comes through phishing emails carrying malicious Microsoft Office documents whose macros start the infection chain.
Of particular technical note, the CHAR backdoor shows signs of having been developed with artificial intelligence (AI) assistance; the indicator cited is the presence of emojis in its debug strings. CHAR uses Telegram bots for command-and-control communication, which lets the operators execute PowerShell commands, establish reverse proxies, and exfiltrate stolen data over the same channel. MuddyWater's continued evolution of custom tooling and adoption of generative AI underscore the group's persistent threat to the META region.
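Telegram-bot C2 leaves a recognizable trace in web proxy or endpoint telemetry: every Bot API request is an HTTPS call to api.telegram.org of the form /bot<token>/<method>, and a legitimate desktop or mobile Telegram client does not issue such calls (it speaks MTProto to Telegram's data centres). The script below is an added detection example written for this page, not tooling from the campaign or from any vendor report. It scans a constructed proxy log (the hosts, processes, timestamps and bot tokens are invented), flags Bot API requests, labels each as tasking (the implant polling for commands) or exfil (the implant pushing data out), and pivots on the numeric bot id so that every host talking to the same bot is grouped into one incident. The token format it assumes (numeric id, colon, alphanumeric secret) comes from the public Bot API documentation, not from the campaign samples.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample proxy log lines for this example (not captured from the
# campaign). Fields: timestamp, source IP, originating process, HTTP verb, URL.
SAMPLE_PROXY_LOG = """\
2024-05-01T09:14:02Z 10.0.4.21 powershell.exe POST https://api.telegram.org/bot123456789:AAHfZx9Q3oL2kV7pT8rN1mB4cD6eF0gH2iJ/getUpdates
2024-05-01T09:14:05Z 10.0.4.21 powershell.exe POST https://api.telegram.org/bot123456789:AAHfZx9Q3oL2kV7pT8rN1mB4cD6eF0gH2iJ/sendDocument
2024-05-01T09:15:11Z 10.0.4.37 chrome.exe GET https://web.telegram.org/a/
2024-05-01T09:16:40Z 10.0.4.52 svchost.exe GET https://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
2024-05-01T09:17:03Z 10.0.4.88 updater.exe POST https://api.telegram.org/bot987654321:BBGyWw8P2nK1jU6oS7qM0lA3bC5dE9fG1hI/sendMessage
"""

# Bot API calls look like https://api.telegram.org/bot<token>/<method>, where the
# token is "<numeric bot id>:<secret>". This token shape is an assumption taken
# from the public Bot API documentation, not from the campaign samples.
BOT_API_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)"
)

# An implant polls getUpdates for tasking and uses send* methods to push results.
TASKING_METHODS = {"getUpdates"}
EXFIL_METHODS = {"sendDocument", "sendPhoto", "sendMessage"}


@dataclass(frozen=True)
class Finding:
    timestamp: str
    src_ip: str
    process: str
    bot_id: str
    method: str
    role: str  # "tasking", "exfil" or "other"


def classify_method(method: str) -> str:
    if method in TASKING_METHODS:
        return "tasking"
    if method in EXFIL_METHODS:
        return "exfil"
    return "other"


def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding when the line is a Telegram Bot API request, else None."""
    parts = line.split()
    if len(parts) != 5:
        return None
    timestamp, src_ip, process, _verb, url = parts
    m = BOT_API_RE.search(url)
    if not m:
        return None
    return Finding(timestamp, src_ip, process, m.group("bot_id"),
                   m.group("method"), classify_method(m.group("method")))


def detect_telegram_c2(log_text: str) -> List[Finding]:
    """Flag every Bot API request in the log. Regular Telegram clients never call
    api.telegram.org/bot<token>/..., so on a corporate endpoint each hit merits triage."""
    findings = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is not None:
            findings.append(f)
    return findings


def hosts_by_bot(findings: List[Finding]) -> Dict[str, Set[str]]:
    """Pivot on the numeric bot id: hosts sharing a bot id are controlled by the
    same operator, which scopes the incident without exposing the token secret."""
    out: Dict[str, Set[str]] = {}
    for f in findings:
        out.setdefault(f.bot_id, set()).add(f.src_ip)
    return out


if __name__ == "__main__":
    hits = detect_telegram_c2(SAMPLE_PROXY_LOG)
    for h in hits:
        print(f"{h.timestamp} {h.src_ip} {h.process} bot={h.bot_id} {h.method} ({h.role})")
    print(hosts_by_bot(hits))
```

The full URL path is only visible where the proxy performs TLS inspection or where the log comes from endpoint telemetry that records the request URL; a proxy that sees only the TLS SNI or DNS name can still alert on api.telegram.org from hosts or processes that have no business reason to reach it, but cannot distinguish tasking from exfil or pivot on the bot id.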