Threat Actor Profile

MuddyWater

Aliases
  • Mango Sandstorm
  • Static Kitten
  • Earth Vetala
Origin
Iran
Active Since
2017
Motivation
Espionage, Regional intelligence collection
Cause
Nation State
Recent Activity

Recent reporting links MuddyWater, also known as Seedworm, to intrusions against U.S. and allied organizations, including a U.S. bank, airport, Canadian nonprofit, and the Israeli operations of a U.S.-based software company. The activity involved Dindoor, a backdoor leveraging the Deno JavaScript runtime.

Primary Targets
  • Organizations across the Middle East and North Africa
  • Operation Olalampo targets
Target Locations
  • Middle East
  • North Africa
  • Broader international targets
Target Sectors
  • Government
  • Telecommunications
  • Energy
  • Private Sector

How Bitsight Helps

Understanding threat actor capabilities is only half the battle—the other half is knowing whether your organization is in their crosshairs. See how Bitsight threat intelligence helps you move from observation to action.

Request threat intel demo