⚠️ Region Alert: UAE/Middle East
The Iranian threat actor MuddyWater, also tracked as Earth Vetala and Mango Sandstorm, has launched a new campaign dubbed "Operation Olalampo" targeting organizations across the Middle East and North Africa. The activity, identified by Group-IB, uses evolved malware families including the GhostFetch downloader and the GhostBackDoor implant. Attacks typically begin with phishing emails carrying malicious Microsoft Office documents whose embedded macros decode and drop the payload, giving the operators remote control of the host.
The operation also shows a notable shift toward AI-assisted malware development, seen in the Rust-based CHAR backdoor, which uses a Telegram bot as its command-and-control channel. After initial access the group runs reconnaissance tooling such as HTTP_VIP and then deploys legitimate remote desktop software, notably AnyDesk, for persistent access. MuddyWater continues to diversify its infrastructure and to exploit vulnerabilities in public-facing servers to expand its footprint in the META region.
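The three behaviours above (Office macro spawning a script interpreter, a process other than a browser talking to the Telegram Bot API, and AnyDesk launched by something other than the interactive shell) are all visible in ordinary endpoint and proxy telemetry. The script below is an added example, not code from Group-IB or from the report; it runs generic hunt rules for those behaviours over constructed log lines. Host names, paths, the bot token and the process allowlists are hypothetical and illustrate the technique only; none of them are indicators from the campaign.

```python
"""Hunt for the MuddyWater-style chain described above in key=value endpoint logs.

Added example code, not from Group-IB. All sample events, hosts, paths and the
Telegram bot token are constructed for illustration.
"""
import re
from collections import defaultdict

# Parent Office processes that should not normally spawn script interpreters.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Interpreters and LOLBins a macro typically calls to decode/run a payload.
LOLBIN_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                   "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Tuning knob: processes allowed to reach the Telegram Bot API without an alert.
BOT_API_ALLOWED = {"chrome.exe", "msedge.exe", "firefox.exe"}
# Bot API URLs always embed the bot token: /bot<id>:<secret>/<method>
TELEGRAM_BOT_RE = re.compile(r"https?://api\.telegram\.org/bot\d+:[A-Za-z0-9_-]{20,}/(\w+)")
RMM_IMAGES = {"anydesk.exe"}
INTERACTIVE_PARENTS = {"explorer.exe"}  # a user double-clicking the installer

# Constructed sample telemetry (hypothetical hosts, paths and token).
SAMPLE_EVENTS = [
    r'type=process host=WS01 parent="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" image="C:\Windows\System32\cmd.exe" cmdline="cmd.exe /c powershell -w hidden -enc SQBFAFgA"',
    r'type=network host=WS01 image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" url="https://api.telegram.org/bot123456789:AAEhypotheticalTokenValue_0123456789abcd/getUpdates"',
    r'type=process host=WS01 parent="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" image="C:\Users\Public\AnyDesk.exe" cmdline="AnyDesk.exe --install C:\Users\Public\AnyDesk --start-with-win --silent"',
    r'type=process host=WS02 parent="C:\Windows\explorer.exe" image="C:\Program Files (x86)\AnyDesk\AnyDesk.exe" cmdline="AnyDesk.exe"',
    r'type=network host=WS02 image="C:\Program Files\Google\Chrome\Application\chrome.exe" url="https://api.telegram.org/bot987654321:BBFanotherHypotheticalToken_abcdef0123456/sendMessage"',
    r'type=process host=WS03 parent="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" image="C:\Windows\splwow64.exe" cmdline="splwow64.exe 12288"',
    r'type=network host=WS02 image="C:\Windows\System32\curl.exe" url="https://example.com/update.json"',
]

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Parse one key=value line; values may be double-quoted to allow spaces."""
    return {k: (q or u) for k, q, u in KV_RE.findall(line)}


def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def rule_office_spawn(ev):
    if ev.get("type") != "process":
        return None
    if basename(ev.get("parent", "")) in OFFICE_PARENTS and \
            basename(ev.get("image", "")) in LOLBIN_CHILDREN:
        return "office_spawned_interpreter"
    return None


def rule_telegram_c2(ev):
    if ev.get("type") != "network":
        return None
    m = TELEGRAM_BOT_RE.search(ev.get("url", ""))
    if m and basename(ev.get("image", "")) not in BOT_API_ALLOWED:
        return f"telegram_bot_api:{m.group(1)}"  # method name, e.g. getUpdates
    return None


def rule_rmm_nonuser(ev):
    if ev.get("type") != "process":
        return None
    if basename(ev.get("image", "")) in RMM_IMAGES and \
            basename(ev.get("parent", "")) not in INTERACTIVE_PARENTS:
        return "rmm_launched_by_non_interactive_parent"
    return None


RULES = (rule_office_spawn, rule_telegram_c2, rule_rmm_nonuser)


def hunt(lines):
    """Return one finding dict per (event, rule) hit."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        for rule in RULES:
            hit = rule(ev)
            if hit:
                findings.append({"host": ev.get("host", "?"), "rule": hit,
                                 "image": basename(ev.get("image", ""))})
    return findings


def hosts_with_full_chain(findings):
    """Hosts where all three stages fired: initial access, C2, RMM persistence."""
    stages = {"office_spawned_interpreter", "telegram_bot_api",
              "rmm_launched_by_non_interactive_parent"}
    per_host = defaultdict(set)
    for f in findings:
        per_host[f["host"]].add(f["rule"].split(":")[0])
    return sorted(h for h, seen in per_host.items() if stages <= seen)


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f['host']:6} {f['rule']:42} {f['image']}")
    print("full chain on:", hosts_with_full_chain(SAMPLE_EVENTS and hunt(SAMPLE_EVENTS)))
```

Each rule alone will produce noise in a real estate (printing helpers spawned by Word, legitimate Telegram bots run by IT automation, AnyDesk pushed by a software-deployment agent), which is why `hosts_with_full_chain` correlates the three stages per host before escalating; the per-rule hits are still worth keeping as lower-severity leads, and the allowlists are where local tuning belongs.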