With a new attack campaign delivering multiple new strains of custom malware, the nation-state threat group MuddyWater is wasting no time in stepping up its cyber offensive against organizations in the Middle East and Africa as the United States prepares for a potential military strike against Iran. According to a Group-IB report released on Friday, the campaign, dubbed Operation Olalampo, begins with the group's standard initial-access technique, spear-phishing emails, and ends with the deployment of one of several previously unseen second-stage loaders and backdoors.

Olalampo "targeted multiple organizations and individuals primarily across the MENA region, aligning with the ongoing geopolitical tensions," the blog post states.

In addition, there is evidence that MuddyWater, which is associated with Iran's Ministry of Intelligence and Security (MOIS), also attempted to exploit vulnerabilities in public-facing servers as part of the activity, which the researchers first observed on January 26.

"The HTTP_VIP malware is a native downloader that acts as a bridge for additional exploitation," the post states. The malware's "highly selective" execution flow performs C2 authentication, system reconnaissance, and a check for a hard-coded domain, terminating if the host belongs to that domain.

MuddyWater Tightens Its Game

MuddyWater, also known as TA450, Static Kitten, Seedworm, and other names, is one of Iran's most active and notorious APTs, with activity dating back to 2017. Despite being a long-standing and prolific threat, it appears to be refining tradecraft that was once regarded as clumsy; indeed, MuddyWater has been gradually evolving its operations since its inception.