MuddyWater is linked to a broad 2026 espionage campaign that hit at least nine organizations across nine countries, using DLL side-loading, Node.js, PowerShell, and ChromElevator to steal credentials and browser data. Separately, Iran-linked operations tied to Emennet Pasargad, Shahid Shushtari, and MOIS targeted organizations in the U.S., Israel, Saudi Arabia, Turkey, and beyond with exfiltration and disruptive activity. #MuddyWater #ChromElevator #Fortemedia #SentinelOne #EmennetPasargad #ShahidShushtari #MOIS
Key points
- MuddyWater targeted organizations across nine countries on four continents.
- The group abused signed Fortemedia and SentinelOne binaries for DLL side-loading.
- ChromElevator was used to steal passwords, cookies, and payment card data from Chromium browsers.
- Attackers used Node.js and PowerShell for reconnaissance, screenshots, credential theft, and SOCKS5 tunneling.
- Iran-linked campaigns also involved Emennet Pasargad, Shahid Shushtari, and MOIS in exfiltration and disruptive operations.
Read More: https://thehackernews.com/2026/05/muddywater-uses-dll-side-loading-in.html