Iranian hackers targeted major South Korean electronics maker

MuddyWater, also known as Seedworm and Static Kitten, ran a wide-ranging espionage campaign against at least nine organizations across multiple countries and sectors, including a South Korean electronics manufacturer, government agencies, and an international airport. The group used DLL sideloading, PowerShell, and public services like sendit.sh to steal credentials, collect screenshots, and exfiltrate data while appearing to blend into normal activity. #MuddyWater #Seedworm #StaticKitten #Fortemedia #SentinelOne #ChromElevator #senditsh

Key points

  • MuddyWater targeted at least nine high-profile organizations worldwide.
  • The campaign focused on espionage, industrial theft, and access to downstream networks.
  • Attackers abused legitimate signed binaries through DLL sideloading.
  • PowerShell and Node.js loaders were used for screenshots, reconnaissance, persistence, and credential theft.
  • The South Korean electronics manufacturer was accessed for about a week in February 2026.

Read More: https://www.bleepingcomputer.com/news/security/iranian-hackers-targeted-major-south-korean-electronics-maker/