MuddyWater is a well-known threat actor group that has been active since 2017. They target organizations across the Middle East and Central Asia, primarily using spear-phishing emails with malicious attachments. Most recently they were connected to a campaign in March that targeted organizations in Turkey, Pakistan, and Tajikistan.
The group has been quite visible since the initial 2017 Malwarebytes report on their elaborate espionage attack against the Saudi Arabian government. After that first report, they were extensively analyzed by other security companies. Through all that, we’ve only seen minor changes to the tactics, techniques and procedures (TTPs) they have used.
However, we recently observed a few interesting delivery documents that are consistent with the known MuddyWater TTPs.
Source: Trend Micro