MuddyWater APT Group Releases BugSleep Backdoor Across The Middle East

MuddyWater, an Iranian threat group affiliated with the Ministry of Intelligence and Security (MOIS), has ramped up its activity against Israel since the Israel-Hamas war began in October 2023. The same activity has also been observed against targets in Saudi Arabia, Turkey, Azerbaijan, India, and Portugal. MuddyWater relies on phishing campaigns sent from compromised organizational email accounts, which typically lead to the deployment of legitimate remote monitoring and management (RMM) tools such as Atera Agent and ScreenConnect. Recent campaigns have introduced BugSleep, a new custom backdoor designed to execute commands and transfer files between compromised machines and the C2 server. BugSleep is still under development, with the threat actors continuing to ship improvements and bug fixes.