Suspected Iranian hackers snooping on Middle Eastern targets anew

MuddyWater is targeting government agencies, academia and the tourism industry.

Hackers connected to Iran are on the loose again in the Middle East, instigating an apparent espionage campaign in five countries, Trend Micro said on Friday.

The company concluded with moderate confidence that the MuddyWater hacking group, whose interests tend to align with the Iranian government’s, is behind the campaign.

It’s an ongoing spearphishing effort aimed at government agencies, academia and the tourism industry in Azerbaijan, Bahrain, Israel, Saudi Arabia and the United Arab Emirates, according to Trend Micro.

The findings confirm research published by Anomali in February and expand the range of named targets.


MuddyWater has a history of going after Middle Eastern government agencies and academia along with a range of industries, and it has a reputation for persistent spy work.

What’s different about this campaign, though, is that it doesn’t exhibit the usual competence MuddyWater has demonstrated, Trend Micro said.

“While it possesses remote access capabilities, the attackers seem to lack the expertise to use all of these tools correctly,” the company wrote. “This is unexpected since we believe this attack is connected to the MuddyWater threat actors — and in other connected campaigns, the attackers have shown higher levels of technical skill.”

Anomali observed that the campaign against the UAE developed in the aftermath of that nation normalizing relations with Israel, Iran’s nemesis.
