Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
MuddyWater’s Espionage Campaign Targets Global Organizations

MuddyWater’s Espionage Campaign Targets Global Organizations

Posted on May 26, 2026 By CWS

The Iranian hacking group known as MuddyWater has launched a new espionage campaign impacting organizations across nine different countries, spanning four continents, in the first quarter of 2026. This campaign has targeted sectors including industrial and electronics manufacturing, education, financial services, and public-sector bodies.

Among the affected entities is a major South Korean electronics manufacturer, which experienced a network breach that lasted a week in February 2026. The attacks also extended to an international airport in the Middle East, Southeast Asian industrial manufacturers, and a financial services provider in Latin America.

Technical Details of the Campaign

According to Symantec and Carbon Black’s Threat Hunter Team, the attackers employed DLL side-loading techniques extensively. They utilized legitimately signed binaries from Fortemedia and SentinelOne to execute malicious DLLs disguised as legitimate software. This method effectively bypasses conventional security measures, allowing the attackers to operate under the radar.

The use of ‘fmapp.exe’ to sideload ‘fmapp.dll’ had been previously documented in connection with MuddyWater’s Operation Olalampo. This DLL is designed to connect to attacker-controlled IP addresses. Similarly, ‘sentinelmemoryscanner.exe’, associated with a security product, was exploited to sideload a rogue DLL, ‘sentinelagentcore.dll’, enhancing the attackers’ ability to evade detection.

Impact and Techniques Used

The attacks made use of Node.js scripts to deploy PowerShell code for reconnaissance and information gathering. In one instance, stolen data was staged on sendit[.]sh, a public file-transfer service. This approach highlights the attackers’ ability to adapt and use publicly available tools to achieve their goals.

Furthermore, the attackers utilized a node.exe-based implant chain to drop PowerShell scripts that performed various malicious activities, including reconnaissance, screenshot capture, and privilege escalation. The use of ChromElevator, an open-source tool, allowed them to steal sensitive data from browsers, effectively circumventing encryption protections.

Wider Implications and Future Outlook

The campaign underscores a shift towards quieter and more disciplined operations by MuddyWater, as noted by researchers. This evolution in technique indicates a significant improvement in their operational hygiene compared to previous years.

The European Council’s recent sanctions against Iranian company Emennet Pasargad, linked to previous cyber activities, reflect the growing concerns over Iran-backed cyber threats. These campaigns have targeted critical infrastructure sectors globally, causing significant disruptions.

Recent analyses have also connected Iran’s Ministry of Intelligence and Security to further exfiltration campaigns targeting organizations in the U.S., Israel, Saudi Arabia, and Turkey. These ongoing threats highlight the importance of robust cybersecurity measures and the need for continuous monitoring and adaptation to counter evolving cyber threats.

The Hacker News Tags:cyber attacks, cyber espionage, Cybersecurity, DLL side-loading, Espionage, global hacking, Information Security, Iranian hackers, MuddyWater, threat intelligence

Post navigation

Previous Post: Ghost CMS Vulnerability Exploited in Widespread Malware Attack
Next Post: DockSec Leverages AI to Streamline Docker Vulnerability Fixes

Related Posts

Critical MetInfo CMS Flaw Exploited for Code Execution Critical MetInfo CMS Flaw Exploited for Code Execution The Hacker News
OpenClaw Flaws Risk Data Security and System Control OpenClaw Flaws Risk Data Security and System Control The Hacker News
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions The Hacker News
New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes New TokenBreak Attack Bypasses AI Moderation with Single-Character Text Changes The Hacker News
Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More The Hacker News
40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials 40 npm Packages Compromised in Supply Chain Attack Using bundle.js to Steal Credentials The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • WhatsApp Exploit Turns OpenClaw into Hacker Tool
  • Critical U-Boot Vulnerabilities Discovered in Firmware Security
  • Critical Security Alert for ShareFile Admins: Server Shutdown Advised
  • ShareFile Users Advised to Shut Down Controllers Amid Security Alert
  • New Windows Attack Method Evades Leading Security Tools

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • WhatsApp Exploit Turns OpenClaw into Hacker Tool
  • Critical U-Boot Vulnerabilities Discovered in Firmware Security
  • Critical Security Alert for ShareFile Admins: Server Shutdown Advised
  • ShareFile Users Advised to Shut Down Controllers Amid Security Alert
  • New Windows Attack Method Evades Leading Security Tools

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark