Iran's MuddyWater Hackers Upgrade to Stealthier Cyber Operations

Iran's MuddyWater group enhances cyber tactics with MuddyViper malware, targeting Israel and Egypt, showcasing evolved capabilities.

By Content Team

Dec 3, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Iran's MuddyWater hacking group has significantly upgraded its cyber capabilities, deploying new custom malware called MuddyViper against Israeli and Egyptian targets from September 2024 through March 2025. The group, linked to Iran's intelligence ministry, used a sophisticated 64-bit loader called "Fooder" disguised as the Snake video game to execute attacks entirely in memory, evading traditional detection.

This marks a major evolution for MuddyWater, historically known for noisy, error-prone operations. The new toolkit includes advanced credential stealers and reverse tunneling capabilities. ESET researchers also observed collaboration with another Iranian group, Lyceum, suggesting increased coordination among Tehran's cyber units. Despite improvements, some operational weaknesses remain detectable.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

VS Code Configs Expose GitHub Codespaces to Supply Chain Attacks

Feb 5, 2026

AI Recruiting Firm Mercor Hit by Major Supply Chain Attack

Apr 2, 2026

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Mar 23, 2026

Conduent Data Breach Exposes Nearly 17,000 Volvo Group Employees' Personal Information

Feb 15, 2026