MuddyWater APT group has shifted from scripting tools to a new Rust-based malware called “RustyWater” to evade detection and target critical sectors in the Middle East. This sophisticated attack involves spearphishing campaigns using malicious Word documents to deploy resilient, modular implants. #MuddyWater #RustyWater
Key points
- MuddyWater has adopted a new Rust-based malware to enhance stealth and cross-platform capabilities.
- The group targets diplomatic, maritime, financial, and telecom organizations in the Middle East.
- The attack chain begins with spearphishing emails containing malicious Word documents.
- The malware employs anti-analysis, registry persistence, and modular post-compromise features.
- Organizations are advised to update defenses to detect compiled malware like RustyWater beyond traditional indicators.
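The last two points ask defenders to look past file hashes at behaviour such as registry persistence. As an added example (not code from the report or from any vendor tooling it describes), the script below reviews exported Windows autorun entries and flags the ones that look like a planted implant: an image launched from a user-writable directory, a script host or LOLBin used as the launcher, or an encoded PowerShell command line. The registry key paths are the standard Run keys; the entries themselves are constructed sample data, not indicators from the report.

```python
"""Heuristic review of Windows autorun (Run-key) entries.

Added example for the summary above, not part of the original report.
Assumes the analyst has already exported Run-key values, e.g. from
HKCU\Software\Microsoft\Windows\CurrentVersion\Run and the HKLM equivalent,
into (key, value_name, command_line) tuples. SAMPLE_ENTRIES is constructed.
"""
import re

# Path fragments that indicate an executable living where a normal user can
# write; legitimate autoruns usually live under Program Files or System32.
USER_WRITABLE = (
    "\\appdata\\",
    "\\temp\\",
    "\\programdata\\",
    "\\users\\public\\",
    "\\downloads\\",
)

# Launchers that a dropped script or DLL commonly hides behind.
SCRIPT_HOSTS = {
    "wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
    "rundll32.exe", "regsvr32.exe", "cmd.exe",
}

ENCODED_PS = re.compile(r"\s-(?:e|enc|encodedcommand)\b", re.IGNORECASE)


def extract_image(command):
    """Return the lower-cased path of the program a command line starts.

    A quoted first token is taken verbatim; otherwise the text up to the
    first recognised executable/script extension is used.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        image = command[1:end] if end != -1 else command[1:]
    else:
        m = re.match(r"(.+?\.(?:exe|dll|bat|cmd|vbs|js|ps1|scr))(?:\s|$)",
                     command, re.IGNORECASE)
        image = m.group(1) if m else command.split()[0]
    return image.lower()


def review_autoruns(entries):
    """Return a list of findings for entries matching a persistence heuristic."""
    findings = []
    for key, name, command in entries:
        image = extract_image(command)
        base = image.rsplit("\\", 1)[-1]
        reasons = []
        if any(marker in command.lower() for marker in USER_WRITABLE):
            reasons.append("references user-writable location")
        if base in SCRIPT_HOSTS:
            reasons.append(f"launches via {base}")
        if base == "powershell.exe" and ENCODED_PS.search(command):
            reasons.append("encoded PowerShell command line")
        if reasons:
            findings.append({"key": key, "name": name,
                             "image": image, "reasons": reasons})
    return findings


RUN_HKLM = "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
RUN_HKCU = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"

# Constructed sample export: two ordinary entries and three that a hunt
# for registry persistence should surface.
SAMPLE_ENTRIES = [
    (RUN_HKLM, "SecurityHealth",
     '"C:\\Windows\\System32\\SecurityHealthSystray.exe"'),
    (RUN_HKCU, "Updater",
     '"C:\\Users\\alice\\AppData\\Roaming\\svc\\updater.exe" --silent'),
    (RUN_HKLM, "OneDriveSetup",
     'C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe /background'),
    (RUN_HKCU, "Sync",
     'wscript.exe //B "C:\\Users\\alice\\AppData\\Local\\Temp\\sync.vbs"'),
    (RUN_HKCU, "Helper",
     'powershell.exe -w hidden -enc BASE64_PLACEHOLDER'),
]

if __name__ == "__main__":
    for f in review_autoruns(SAMPLE_ENTRIES):
        print(f"{f['key']}\\{f['name']}: {f['image']} -> {', '.join(f['reasons'])}")
```

The heuristics are deliberately behaviour-based, so they keep working when the binary is recompiled and its hash changes; they will also surface some legitimate per-user updaters, so treat a hit as a triage lead rather than a verdict.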