DEV Community

Mark0

MuddyWater Targets MENA Organizations with GhostFetch, CHAR, and HTTP_VIP

⚠️ Region Alert: UAE/Middle East

Iranian threat actor MuddyWater (also known as Earth Vetala and Mango Sandstorm) has launched a new campaign dubbed "Operation Olalampo," targeting organizations across the Middle East and North Africa (MENA). The campaign utilizes phishing emails containing malicious Microsoft Office documents to deploy a suite of new malware families, including GhostFetch, HTTP_VIP, and a Rust-based backdoor called CHAR. These tools facilitate system profiling, remote control, and the deployment of secondary implants like GhostBackDoor.

Analysis reveals that the group is increasingly adopting AI-assisted development techniques, evidenced by specific markers and emojis in the CHAR malware's source code. The operation demonstrates a diversified command-and-control infrastructure, using Telegram bots for communication and leveraging legitimate remote desktop software like AnyDesk to maintain persistence. MuddyWater continues to evolve its custom tooling and exploitation of public-facing servers to infiltrate target networks in the region.
