📃Title: Chronology of MuddyWater APT Attacks Targeting the Middle East
📅Date: 2026-02-23
🔗References:
Description
This report analyzes the recent activities of the MuddyWater APT group, which primarily targets organizations in the Middle East. The group employs sophisticated spear-phishing techniques, often impersonating legitimate entities and using malicious documents to gain initial access. Their attacks focus on long-term infiltration and intelligence gathering rather than immediate disruption. The report details several attack cases from 2019 to 2026, highlighting the group’s evolving tactics, including the abuse of legitimate remote management tools and the use of Rust-based malware. The analysis emphasizes the importance of endpoint detection and response (EDR) solutions in identifying and mitigating these threats, as traditional perimeter-based security measures prove insufficient against such advanced persistent threats.
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: campaign-analysis
- topic: geopolitical
- target: broad-based
- MY-relevancy: relevant
🔖MISP Galaxies:
- target-information="Egypt"
- target-information="Iraq"
- target-information="Israel"
- target-information="Jordan"
- target-information="Malaysia"
- target-information="Oman"
- target-information="Turkmenistan"
- threat-actor MuddyWater
- mitre-attack-pattern=['T1133', 'T1071', 'T1190', 'T1583.001', 'T1036', 'T1588.001', 'T1102', 'T1204', 'T1059.001', 'T1547.001', 'T1199', 'T1588.002', 'T1566', 'T1078', 'T1027', 'T1213', 'T1105', 'T1569.002']
MISP event uuid: 902d955b-e5f7-4bca-948e-857e6ab0017c
Indicators of Compromise (IoCs)
type,value,comment
ip-dst, 159.198.66.153, ''
ip-dst, 159.198.68.25, ''
domain, screenai.online, ''
domain, stratioai.org, ''
hostname, nomercys.it.com, ''
Full IoCs available in Rectifyq's MISP