Iran’s MuddyWater Targets Orgs With Fresh Malware as Tensions Mount

The long-active Iranian threat group debuted various attack strains and payloads in attacks against organizations in the Middle East and Africa.

February 23, 2026

As the US prepares for a possible military strike against Iran, the nation-state threat group MuddyWater is wasting no time ramping up its cyber offensive against organizations in the Middle East and Africa with an emerging attack campaign delivering several new strains of custom malware.

The campaign, dubbed Operation Olalampo, starts with the group’s typical entry tactic, spear-phishing emails, and ends with the deployment of one of several never-before-seen second-stage loaders and backdoors, according to a report by Group-IB published Friday.

Olalampo “targeted multiple organizations and individuals primarily across the MENA region, aligning with the ongoing geopolitical tensions,” according to the blog post.

There is also evidence that MuddyWater, which is tied to Iran’s Ministry of Intelligence and Security (MOIS), deviated from its typical entry tactic and also tried to exploit flaws in public-facing servers as part of the activity, which the researchers first discovered on Jan.

One of the new malware strains, the Char backdoor, used a Telegram bot as a command-and-control (C2) channel, which gave researchers “valuable insight into MuddyWater’s post-exploitation activity,” according to the report.
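Because the Char backdoor tasks itself through the Telegram Bot API, its beaconing is ordinary HTTPS to api.telegram.org and only stands out if you look at the URL path, which always carries the bot token (`/bot<bot_id>:<secret>/<method>`). The following hunt script is an added example written for this article, not code from Group-IB or from the malware; the log format, the sample lines and the bot tokens in them are constructed for illustration and are not real indicators. It flags Bot API polling and upload methods from the proxy log, groups hits by bot ID so a single bot polled from several hosts is visible, and redacts the token before it lands in an alert.

```python
import re
from typing import Dict, List, Set

# Telegram Bot API requests take the form
#   https://api.telegram.org/bot<bot_id>:<secret>/<method>
# The numeric bot_id is a stable pivot; the secret is the only credential.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot"
    r"(?P<bot_id>\d{6,12}):(?P<secret>[A-Za-z0-9_-]{20,})/(?P<method>[A-Za-z]+)"
)

# Methods a backdoor needs to poll for tasking and return results.
C2_METHODS = {"getUpdates", "sendMessage", "sendDocument", "getFile"}

# Constructed sample proxy log (hypothetical format, not real telemetry):
#   <timestamp> <src_ip> <process> <http_verb> <url> <status>
SAMPLE_LOG = """\
2026-02-20T09:14:02Z 10.0.4.23 outlook.exe GET https://login.microsoftonline.com/common/oauth2/v2.0/token 200
2026-02-20T09:14:07Z 10.0.4.23 svchost.exe GET https://api.telegram.org/bot7234561890:AAHh-fakeTokenExample_0123456789ab/getUpdates?offset=12 200
2026-02-20T09:14:09Z 10.0.4.23 svchost.exe POST https://api.telegram.org/bot7234561890:AAHh-fakeTokenExample_0123456789ab/sendDocument 200
2026-02-20T09:15:11Z 10.0.4.41 chrome.exe GET https://web.telegram.org/a/ 200
2026-02-20T09:16:30Z 10.0.4.58 python.exe POST https://api.telegram.org/bot9988776655:ZZ_anotherFakeToken_abcdefghij/sendMessage 200
"""


def parse_line(line: str) -> Dict[str, str]:
    """Split one log line into named fields (assumes the six-column format above)."""
    ts, src, proc, verb, url, status = line.split()
    return {"ts": ts, "src": src, "process": proc,
            "verb": verb, "url": url, "status": status}


def find_telegram_c2(log_text: str) -> List[Dict[str, str]]:
    """Return one hit per line that calls the Telegram Bot API with a C2-style method.

    Browser traffic to web.telegram.org does not match: only the Bot API host and
    path shape are considered, so a user chatting in Telegram is not flagged.
    """
    hits = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        m = TELEGRAM_BOT_RE.search(rec["url"])
        if not m or m.group("method") not in C2_METHODS:
            continue
        hits.append({
            "ts": rec["ts"],
            "src": rec["src"],
            "process": rec["process"],
            "bot_id": m.group("bot_id"),
            "method": m.group("method"),
            # Keep only a prefix: the full secret is a live credential and
            # should not be copied into tickets or SIEM alerts.
            "token_prefix": m.group("secret")[:4] + "...",
        })
    return hits


def summarize_by_bot(hits: List[Dict[str, str]]) -> Dict[str, Set[str]]:
    """Map bot_id -> set of source hosts, so one bot polled from many hosts stands out."""
    out: Dict[str, Set[str]] = {}
    for h in hits:
        out.setdefault(h["bot_id"], set()).add(h["src"])
    return out


if __name__ == "__main__":
    for h in find_telegram_c2(SAMPLE_LOG):
        print(h)
    print(summarize_by_bot(find_telegram_c2(SAMPLE_LOG)))
```

The path is only visible where TLS is terminated (a forward proxy with inspection, or endpoint telemetry that records request URLs); on raw netflow or DNS you can still alert on api.telegram.org connections from processes that have no business talking to it, and in environments without a legitimate Telegram bot integration, blocking the host outright removes the channel.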

Article Summaries:

  • Iranian threat group MuddyWater has introduced new malware variants and payloads in a series of cyberattacks targeting organizations across the Middle East and Africa. The group, known for its long‑standing presence, deployed multiple attack strains that demonstrate evolving tactics and techniques. Analysts note that the timing of these operations coincides with rising geopolitical tensions in the region, suggesting a potential link between cyber activity and broader strategic objectives. The attacks highlight MuddyWater’s continued focus on expanding its reach and refining its toolset to target critical infrastructure and business entities in these areas.
  • Iran’s state‑backed threat group MuddyWater has intensified its cyber‑offensive with a new campaign called Operation Olalampo, targeting organizations across the Middle East and Africa (MENA). The initial access vector remains spear‑phishing with malicious Microsoft documents, but the group introduced several previously unseen second‑stage loaders and backdoors, including the Rust‑based “Char” backdoor that uses a Telegram bot for command‑and‑control. Analysts note that the malware shows signs of AI‑assisted development, such as debug strings containing emojis, and that MuddyWater is also exploiting vulnerabilities in public‑facing servers. The campaign coincides with rising geopolitical tensions as the U.S. prepares for a possible strike against Iran.
