Latest MuddyWater attacks involve novel BugSleep backdoor

BleepingComputer reports that the Iranian state-sponsored threat group MuddyWater, also known as Seedworm, Static Kitten, Earth Vetala, and MERCURY, has partially replaced its use of remote management tools with the novel custom BugSleep malware to maintain persistent network access in attacks against organizations in several sectors and countries, including Israel, India, Saudi Arabia, Turkey, and Portugal. According to an analysis from Check Point Research, the intrusions began with phishing emails posing as webinar or online-course invitations; the embedded link redirected to archives containing malicious payloads hosted on Egnyte, along with a custom malware loader that injects several BugSleep variants into Microsoft OneDrive, AnyDesk, and other legitimate software. "We discovered several versions of the malware being distributed, with differences between each version showing improvements and bug fixes (and sometimes creating new bugs). These updates, occurring within short intervals between samples, suggest a trial-and-error approach," said researchers.
