Hackers connected to Iran are on the loose again in the Middle East, instigating an apparent espionage campaign in five countries, Trend Micro said on Friday.
The company concluded with moderate confidence that the MuddyWater hacking group, whose interests tend to align with the Iranian government’s, is behind the campaign.
It’s an ongoing spearphishing effort aimed at government agencies, academia and the tourism industry in Azerbaijan, Bahrain, Israel, Saudi Arabia and the United Arab Emirates, according to Trend Micro.
The findings confirm research from Anomali in February and expand the range of named targets.
What’s different about this campaign, though, is that it doesn’t exhibit the usual competence MuddyWater has demonstrated, Trend Micro said.
“While it possesses remote access capabilities, the attackers seem to lack the expertise to use all of these tools correctly,” the company wrote. “This is unexpected since we believe this attack is connected to the MuddyWater threat actors — and in other connected campaigns, the attackers have shown higher levels of technical skill.”
Anomali observed that the campaign against the UAE developed in the aftermath of that nation normalizing relations with Israel, Iran’s nemesis.