Threats Feed

ESET researchers uncovered a new MuddyWater campaign targeting organizations in Israel and one in Egypt, primarily within the telecommunications, government, oil and energy, and manufacturing sectors. The Iran-aligned group deployed a suite of newly developed tools, including the Fooder reflective loader and MuddyViper, a C/C++ backdoor capable of credential theft, system reconnaissance, and file operations. Additional stealers such as CE-Notes, LP-Notes, and Blub, along with customized go-socks5 reverse tunnels, enhanced persistence and defense evasion. The campaign also revealed operational overlap with Lyceum, indicating MuddyWater’s role as an initial access broker. Activity ran from September 30, 2024 to March 18, 2025.