> threat_actor MuddyWater —— origin: Iran (MOIS) —— alias: Static Kitten / Mango Sandstorm —— signature: RMM tool abuse
MuddyWater — also tracked as Static Kitten, Mango Sandstorm, MERCURY, Seedworm, Earth Vetala, TEMP.Zagros, TA450, Cobalt Ulster, Boggy Serpens, and Yellow Nix — is an Iranian state-sponsored cyber espionage group assessed by the US government to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS). Active since at least 2017, MuddyWater has targeted government agencies, telecommunications providers, defence organisations, energy companies, financial institutions, academic institutions, and healthcare entities across the Middle East, Asia, Africa, Europe, and North America.
What makes MuddyWater distinctive is not sophistication in the traditional sense — they do not develop zero-day exploits or deploy cutting-edge implants. Instead, MuddyWater has mastered the art of abusing legitimate tools. Their signature technique is deploying legitimate Remote Monitoring and Management (RMM) software — the same tools IT departments use to manage endpoints — as command-and-control infrastructure. Atera Agent, ScreenConnect, SimpleHelp, Syncro, RemoteUtilities, N-able, and Action1 have all been weaponised by MuddyWater. Because these are signed, trusted, commercially licensed applications, they bypass endpoint detection, application whitelisting, and reputation-based security controls.
Cisco Talos's assessment captures the group's structure precisely: MuddyWater is not a single team but a conglomerate of multiple smaller teams operating independently under a shared MOIS mandate. Each team focuses on specific regions, uses slightly different tooling and infection chains, but shares techniques that evolve across teams over time — likely through shared contractors or development resources. This conglomerate structure explains why MuddyWater activity is so prolific and geographically diverse: multiple teams are operating simultaneously against different target sets.
| Attribute | Detail |
|---|---|
| Tracked Names | MuddyWater (Unit 42/Kaspersky), Static Kitten (Anomali), Mango Sandstorm (Microsoft, current), MERCURY (Microsoft, legacy), Seedworm (Symantec), Earth Vetala (Trend Micro), TEMP.Zagros (FireEye), TA450 (Proofpoint), Cobalt Ulster (Secureworks), Boggy Serpens (Palo Alto), Yellow Nix, SectorD02, T-APT-14, ATK51 |
| State Sponsor | Islamic Republic of Iran — Ministry of Intelligence and Security (MOIS). Formally attributed by a joint advisory from the FBI, CISA, US Cyber Command (CNMF), and the UK's NCSC in February 2022, which described MuddyWater as 'a subordinate element within the Iranian Ministry of Intelligence and Security (MOIS)'. This is the highest-confidence attribution available: four government agencies from two nations confirming the group's organisational placement. |
| Active Since | At least 2017. Continuous and prolific operations observed through 2025, with Group-IB documenting a campaign in late 2025 targeting over 100 government entities across the MENA region using the Phoenix backdoor via a compromised email account. |
| Conglomerate Structure | Cisco Talos assesses MuddyWater as a conglomerate of multiple teams operating independently rather than a single group. Teams focus on specific regions, use varying infection chains, but share TTPs that evolve across campaigns. Shared indicators (strings, watermarks) have also been observed between MuddyWater and APT35/Phosphorus — despite different sponsors (MOIS vs IRGC) — suggesting shared contractors or development resources across Iran's intelligence apparatus. |
| Operational Security Failure | In 2019, Group-IB identified MuddyWater's real IP address — located in Tehran — through an operational security mistake. Despite this exposure, the group continued operations uninterrupted, reflecting state protection and institutional resilience. |
MuddyWater's target set is remarkably broad — spanning government, telecoms, defence, energy, finance, academia, healthcare, IT, transport, and NGOs. Geographically, their primary focus is the Middle East (Israel, Turkey, Saudi Arabia, UAE, Iraq, Jordan, Oman, Syria), with significant operations extending to South Asia (Pakistan, India, Afghanistan), Central Asia (Tajikistan, Azerbaijan, Armenia), Europe (Netherlands, Italy, Portugal, Germany), and North America. Since October 2023, operations targeting Israel have intensified dramatically, aligning with the Hamas conflict.
| Sector | Strategic Value | Notable Campaigns |
|---|---|---|
| Government and Diplomacy | Strategic intelligence on policy, sanctions, and regional alliances. Understanding adversary and partner decision-making processes. Monitoring diplomatic developments particularly around Arab-Israeli normalisation. | 2025 Phoenix campaign targeting over 100 government entities including embassies, consulates, foreign affairs ministries, and diplomatic missions across the MENA region, using a compromised email account accessed via NordVPN. UAE and Kuwait government agencies targeted with ScreenConnect installers masquerading as government documents related to Arab-Israeli normalisation (2021). |
| Telecommunications | Access to communications metadata and content for intelligence collection. Telecoms infrastructure enables surveillance of individuals and organisations of interest. | Telecoms companies targeted across Israel, Turkey, India, and the Middle East. Airlines and travel agencies specifically targeted in 2024 campaigns — travel data provides movement intelligence. |
| Defence and Military | Military capability assessment, weapons procurement intelligence, and defence cooperation between adversary nations. | Defence organisations in the Middle East and NATO-affiliated countries. Campaigns targeting defence sector entities documented by multiple vendors. |
| Energy and Oil & Gas | Competitive intelligence for Iran's oil-dependent economy. Pre-positioning for potential disruptive operations. | Oil and natural gas organisations across the Middle East. CISA advisory specifically identifies the sector as a target. |
| Finance and Academia | Financial intelligence supports sanctions evasion planning. Academic institutions hold research of strategic value and provide access to policy-adjacent expertise. | Israeli academic and financial sector targeted. February 2022 ransomware attack against an Israeli academic institution — assessed as a disinformation operation rather than a financially motivated one, delivering anti-Israeli content. |
| IT and Managed Services | Supply chain access — compromising IT providers grants indirect access to their clients. MuddyWater's RMM expertise makes IT environments particularly attractive targets. | IT companies targeted as part of supply chain operations. Compromised email accounts from IT organisations used to send phishing campaigns to downstream targets. |
MuddyWater's most operationally significant innovation is their systematic abuse of legitimate Remote Monitoring and Management software. Since at least 2021, they have used commercially available RMM tools as their primary command-and-control mechanism — and the list of abused platforms continues to grow.
| RMM Tool | Period | Deployment Method |
|---|---|---|
| ScreenConnect | 2021 onwards | Phishing emails containing links to ScreenConnect installers hosted on file-sharing platforms. Early campaigns used ScreenConnect installers disguised as government documents. Custom launch parameters configured to target specific government ministries. |
| SimpleHelp | 2023 onwards | Phishing emails linking to SimpleHelp installers. Observed in October 2023 campaigns coinciding with the Hamas attack. Emails masqueraded as flight status notification tools. |
| Atera Agent | 2023–2024 (primary) | Most heavily used RMM tool. Atera provides comprehensive remote control from its web UI — file upload/download, an interactive shell, and even AI command assistance. MuddyWater registered Atera accounts using compromised email addresses (credentials from prior breaches). Atera agents were distributed via phishing through Egnyte file-sharing, Zendesk Chat uploads, and direct email links. |
| Syncro / RemoteUtilities | 2022–2023 | Deployed via phishing alongside other RMM tools. Rotated through different RMM platforms to avoid detection signatures keyed to specific tools. |
| N-able / Action1 / PDQ | 2024–2025 | More recent additions to MuddyWater's RMM arsenal. Action1 and PDQ RMM tools observed hosted alongside custom malware on C2 infrastructure. Continuous expansion of abused platforms. |
The brilliance of this approach is its simplicity. MuddyWater eliminates the need to develop, host, and maintain custom C2 infrastructure. The RMM vendor provides the infrastructure, the encryption, the update mechanism, and the management console. The defender's challenge is distinguishing between a legitimate Atera Agent installed by their IT department and one installed by a MuddyWater phishing campaign — because the software is identical.
While RMM tools are MuddyWater's preferred operational method, the group also maintains a substantial arsenal of custom malware — deployed when RMM tools are insufficient or when security vendors' increasing scrutiny of RMM abuse forces a tactical shift.
| Tool | Type | Capabilities |
|---|---|---|
| BugSleep | Custom backdoor (2024+) | Purpose-built backdoor partially replacing RMM tools — likely in response to increased security vendor monitoring of RMM abuse. Executes commands and transfers files between compromised systems and C2. Multiple versions observed with rapid bug fixes — suggesting trial-and-error development. Uses Sleep API calls for sandbox evasion, creates a mutex to avoid running twice, and stores its C2 configuration encrypted. |
| Phoenix | Lightweight backdoor (2025+) | Described by Group-IB as a lightweight BugSleep variant written in Python. Gathers system information, establishes persistence, provides interactive shell, and supports file upload/download. Deployed against over 100 government entities in late 2025 MENA campaign. |
| POWERSTATS | PowerShell backdoor (2017+) | MuddyWater's original signature malware — a PowerShell-based backdoor providing command execution and system reconnaissance. Multiple versions (V1–V3) with evolving anti-detection techniques. Establishes C2 via HTTP, using obfuscated PowerShell. |
| PowGoop | DLL side-loading loader | Masquerades as goopdate86.dll, a library loaded by the legitimate GoogleUpdate.exe, so that the trusted updater side-loads the malicious DLL into memory (DLL hijacking). Communicates with C2 using a modified Base64 encoding. Demonstrates understanding of Windows update mechanisms for evasion. |
| Mori | DNS tunnelling backdoor | Uses DNS tunnelling for C2 — similar to APT34's signature technique. Provides persistent backdoor access through a protocol rarely inspected. Shared technique across MOIS-affiliated groups. |
| Small Sieve | Python-based backdoor | Analysed by UK NCSC/GCHQ. Lightweight implant for maintaining persistence and basic command execution. Named for its minimal footprint and targeted deployment. |
| PhonyC2 / DarkBeatC2 / MuddyC2Go | Custom C2 frameworks | Purpose-built command-and-control frameworks developed by MuddyWater teams. DarkBeatC2 and MuddyC2Go represent evolution toward custom infrastructure when RMM tools face increased detection. PhonyC2 documented in multiple campaigns. |
| Credential Stealers | Browser and system credential theft | Custom browser credential stealer targeting Brave, Chrome, Edge, and Opera. Enumerates browser profiles, extracts encrypted keys, decrypts login data, and stages output encrypted before exfiltration. Deployed alongside RMM tools on C2 infrastructure. Also uses Mimikatz, LaZagne, and Browser64 for LSASS and cached credential dumping. |
Beyond RMM tools, MuddyWater extensively uses Living Off the Land Binaries (LOLBins) and native Windows utilities to execute payloads, evade detection, and maintain persistence. Their PowerShell usage is particularly heavy — to the point where PowerShell monitoring is one of the most effective detection methods against MuddyWater activity.
MuddyWater's reliance on legitimate tools creates a fundamental detection challenge: the tools themselves are not malicious. Defence must focus on context, behaviour, and policy rather than signatures.
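One way to put "context and policy rather than signatures" into practice is to triage every RMM agent in the fleet against an authorisation policy: the product must be on the approved list, enrolled in the vendor account IT actually owns, and delivered through the management channel. The following is an added example, not code from the original article; the record fields, channel names and tenant identifiers are assumptions modelled on a typical EDR or asset-inventory export, and the inventory records are constructed.

```python
"""Added example (not from the original article): policy-based triage of RMM
agents, flagging ones that are legitimate software but not authorised.
Record fields, deployment-channel names and tenant identifiers are
assumptions modelled on a typical EDR/asset-inventory export."""

# Which RMM products IT may run, the vendor account (tenant) each must be
# enrolled in, and the channels through which IT deploys them. (Assumed policy.)
POLICY = {
    "Atera Agent": {"tenants": {"acct-corp-0001"}, "channels": {"SCCM", "Intune"}},
}

# Constructed inventory records. The first is a sanctioned IT install; the
# second is a validly signed Atera agent enrolled in a tenant IT does not own,
# installed by a user from Downloads; the third is a signed ScreenConnect
# client that is simply not on the authorised list.
INVENTORY = [
    {"host": "FIN-WS-014", "product": "Atera Agent", "signed": True,
     "tenant": "acct-corp-0001", "channel": "SCCM", "installed_by": "CORP\\sccm-svc",
     "installer": r"C:\Windows\ccmcache\a1\AteraAgent.msi"},
    {"host": "HR-WS-203", "product": "Atera Agent", "signed": True,
     "tenant": "acct-7f3e-unknown", "channel": "user", "installed_by": "CORP\\jdoe",
     "installer": r"C:\Users\jdoe\Downloads\Document_Scan.exe"},
    {"host": "EXEC-LT-009", "product": "ScreenConnect Client", "signed": True,
     "tenant": "instance-4b2c", "channel": "user", "installed_by": "CORP\\asmith",
     "installer": r"C:\Users\asmith\AppData\Local\Temp\Circular.exe"},
]


def triage(inventory, policy):
    """Return (host, product, reason) for every agent outside policy.
    Code signing is deliberately ignored: the abused tools are all validly signed."""
    findings = []
    for rec in inventory:
        rule = policy.get(rec["product"])
        if rule is None:
            findings.append((rec["host"], rec["product"], "product not authorised"))
            continue
        if rec["tenant"] not in rule["tenants"]:
            # Legitimate software enrolled in an account IT does not control.
            findings.append((rec["host"], rec["product"], f"foreign tenant {rec['tenant']}"))
        if rec["channel"] not in rule["channels"]:
            # Authorised product, but not delivered by the management channel.
            findings.append((rec["host"], rec["product"],
                             f"deployed via {rec['channel']} from {rec['installer']}"))
    return findings


if __name__ == "__main__":
    for host, product, reason in triage(INVENTORY, POLICY):
        print(f"{host}: {product}: {reason}")
```

The tenant check is the one that matters most here: it is what separates an agent IT enrolled from an identical agent enrolled in an account registered with a compromised email address.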
MuddyWater's tradecraft is particularly relevant to penetration testing because the group uses techniques that a competent tester should be evaluating. If a penetration test does not attempt RMM tool deployment, LOLBin abuse, and PowerShell-based payload execution, it is not testing against the techniques used by one of the most active state-sponsored groups targeting the Middle East and NATO-affiliated nations.
In our engagements, we specifically test whether: unauthorised RMM agents can be installed and establish external C2, obfuscated PowerShell payloads execute without detection, LOLBins (CMSTP, Mshta, Rundll32) can be used for payload execution, phishing emails with links to legitimate file-sharing platforms bypass email security controls, and DNS tunnelling (a technique shared with APT34) can be used for data exfiltration. These tests directly measure an organisation's resilience against MuddyWater's documented attack chain.
MuddyWater is a MOIS-subordinate conglomerate of multiple teams conducting prolific cyber espionage operations across the Middle East, Europe, Asia, and North America. Their signature innovation — systematic abuse of legitimate RMM tools for command-and-control — creates a fundamental detection challenge because every component of the attack chain is a trusted, signed, commercially licensed application. No custom malware. No suspicious C2 infrastructure. No anomalous network traffic. Just a legitimate remote management tool doing exactly what it was designed to do — in the hands of an Iranian intelligence operative.
The group's evolution in 2024–2025 shows continued adaptation: BugSleep and Phoenix represent a shift to custom backdoors as security vendors increasingly monitor RMM abuse, while the return to macro-enabled Office documents demonstrates willingness to revisit older techniques when they remain effective. The late 2025 campaign targeting over 100 government entities demonstrates the scale at which MuddyWater operates.
For defenders, MuddyWater forces a rethink of what 'malicious software' looks like. The tools MuddyWater deploys are not malware — they are legitimate applications used by IT departments globally. Detection must shift from 'is this software malicious' to 'is this software authorised, expected, and behaving within policy'. Organisations that cannot answer that question for every RMM agent running in their environment have a blind spot that MuddyWater is actively, aggressively, and successfully exploiting.
Our penetration testing engagements include RMM deployment testing — attempting to install legitimate remote management agents and establish external command-and-control through your security controls. This directly simulates MuddyWater's documented attack chain and identifies gaps in application control, endpoint monitoring, and email security.