Iran-Backed MuddyWater Hackers Target 100+ Government Entities Across Middle East and Africa

MuddyWater launches cyberespionage campaign targeting 100+ Middle East and North Africa governments using phishing and malware tactics.

By Content Team

Oct 23, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

The Iranian threat group MuddyWater is conducting a massive cyberespionage campaign targeting over 100 government organizations across the Middle East and North Africa. The campaign, discovered by Group-IB, began August 19 and uses phishing emails sent through a compromised mailbox accessed via NordVPN to appear legitimate.

Victims receive blurred Word documents that prompt them to enable macros, which then deploy the Phoenix backdoor version 4 through a FakeUpdate injector. The malware establishes persistence and connects to command-and-control servers for intelligence gathering. Targets include embassies, diplomatic missions, and foreign affairs ministries, supporting MuddyWater's geopolitical objectives and Iran's Ministry of Intelligence operations.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Tennessee Man Pleads Guilty to Hacking Supreme Court Filing System 25 Times

Jan 18, 2026

Russian Hackers Permanently Damage Equipment in Attack on Polish Power Grid

Jan 30, 2026

Google Patches Actively Exploited Chrome Zero-Day — Update Immediately

Apr 2, 2026

Massive GitHub Campaign Spreads Trojan Through 300+ Fake AI Tool Packages

Mar 25, 2026