Stealth & Persistence: MuddyWater’s New Rust-Based Payload Mimics Cloudflare and Reddit

A Genians report details how Middle Eastern state-sponsored APTs—most notably MuddyWater—conduct patient, stealthy espionage campaigns against governments and critical national infrastructure across Europe, Asia, and North America. These actors exploit human factors and legacy IT by weaponizing RMM tools and macro-laden Word documents (e.g., Cybersecurity.doc) to deliver a Rust-based payload (disguised as Certificationkit.ini/reddit.exe) that phones home to nomercys.it. #MuddyWater #nomercys_it

Keypoints

  • State-sponsored APTs from the Middle East prioritize stealth, persistence, and long-term intelligence collection.
  • MuddyWater targets governments and critical national infrastructure across multiple continents.
  • Initial access commonly uses social engineering, macro-based Word documents, and abuse of RMM tools.
  • The attack chain drops a Rust-compiled executable (Certificationkit.ini internally named reddit.exe) that contacts nomercys.it to enumerate security products.
  • Perimeter-based defenses often miss these user-driven intrusions, making endpoint behavior-based detection (EDR) critical.
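
The last key point argues for endpoint behavior-based detection. The following Python script is an added example, not code from the Genians report or from securityonline.info: it runs three behavioral rules drawn from the summary above (an Office application spawning a child process, a PE image executed from a file with a non-executable extension whose embedded OriginalFilename disagrees with its on-disk name, and an outbound connection to nomercys.it) over constructed process and network telemetry. The event fields, function names and sample paths are assumptions for the example; only the file names Certificationkit.ini, reddit.exe and the domain nomercys.it come from the summary.

```python
"""Toy EDR-style rules for the MuddyWater chain summarised above.

Added example: the event schema and helper names are assumptions, not
the format of any particular EDR product.
"""
import ntpath
from dataclasses import dataclass

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".scr", ".com"}
KNOWN_C2_DOMAINS = {"nomercys.it"}  # domain named in the report summary


@dataclass
class ProcessEvent:
    parent_image: str       # full path of the parent process image
    image: str              # on-disk path that was executed
    original_filename: str  # OriginalFilename from the PE version resource ("" if none)


@dataclass
class NetworkEvent:
    image: str
    dest_host: str
    dest_port: int


def detect_office_child(ev: ProcessEvent) -> list[str]:
    """Office applications rarely spawn new processes outside macro abuse."""
    parent = ntpath.basename(ev.parent_image).lower()
    if parent in OFFICE_PARENTS:
        return [f"office-child: {parent} spawned {ev.image}"]
    return []


def detect_masqueraded_pe(ev: ProcessEvent) -> list[str]:
    """Flag PE images run from a non-executable extension, or whose embedded
    OriginalFilename (e.g. reddit.exe) disagrees with the on-disk name."""
    name = ntpath.basename(ev.image)
    ext = ntpath.splitext(name)[1].lower()
    alerts = []
    if ext not in EXECUTABLE_EXTENSIONS:
        alerts.append(f"non-exe-extension: {name} executed as a PE image")
    if ev.original_filename and ev.original_filename.lower() != name.lower():
        alerts.append(f"name-mismatch: {name} is internally {ev.original_filename}")
    return alerts


def detect_c2_contact(ev: NetworkEvent) -> list[str]:
    """Match the destination against the reported C2 domain and its subdomains."""
    host = ev.dest_host.lower().rstrip(".")
    for domain in KNOWN_C2_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return [f"c2-contact: {ntpath.basename(ev.image)} -> {host}:{ev.dest_port}"]
    return []


def run_detections(process_events, network_events) -> list[str]:
    """Apply every rule and return the list of alert strings."""
    alerts = []
    for ev in process_events:
        alerts += detect_office_child(ev)
        alerts += detect_masqueraded_pe(ev)
    for ev in network_events:
        alerts += detect_c2_contact(ev)
    return alerts


# Constructed sample telemetry: one chain shaped like the summarised report
# (Word -> Certificationkit.ini, internally reddit.exe, contacting nomercys.it)
# and one benign chain that must not alert. Paths are made up.
SAMPLE_PROCESS_EVENTS = [
    ProcessEvent(
        parent_image=r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        image=r"C:\Users\user\AppData\Local\Temp\Certificationkit.ini",
        original_filename="reddit.exe",
    ),
    ProcessEvent(
        parent_image=r"C:\Windows\explorer.exe",
        image=r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        original_filename="chrome.exe",
    ),
]
SAMPLE_NETWORK_EVENTS = [
    NetworkEvent(r"C:\Users\user\AppData\Local\Temp\Certificationkit.ini", "nomercys.it", 443),
    NetworkEvent(r"C:\Program Files\Google\Chrome\Application\chrome.exe", "example.com", 443),
]

if __name__ == "__main__":
    for line in run_detections(SAMPLE_PROCESS_EVENTS, SAMPLE_NETWORK_EVENTS):
        print(line)
```

Run against the constructed sample, the malicious chain produces four alerts (office child, non-executable extension, internal/on-disk name mismatch, C2 contact) and the benign chain none. In a real deployment the OriginalFilename field would come from the EDR's PE metadata and the domain list from threat intelligence rather than a hard-coded set.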

Read More: https://securityonline.info/stealth-persistence-muddywaters-new-rust-based-payload-mimics-cloudflare-and-reddit/