Find notable cyber news and cases, enriched with sources, timelines, and signals.

UDPGangster backdoor deployed by MuddyWater

Malware Activity
First reported
Last updated
Happening score
H score 22
1 unique sources, 1 articles

Summary

Hide ▲

The MuddyWater group has deployed UDPGangster, a new backdoor that uses UDP C2 to control compromised systems and expand post-compromise access. The malware can execute commands, exfiltrate files, and deliver additional payloads, increasing the impact on infected hosts. It was delivered through spear-phishing Word documents with macros enabled and targeted users in Turkey, Israel, and Azerbaijan.

Related Happenings

SprySOCKS Windows backdoor activity against government organizations

Malware Activity
H score23 First: 16.06.2026 12:00 Last: 16.06.2026 12:00 Sources 1

About this happening: **SprySOCKS** now has documented **Windows variants**, **WIN_DRV** and **WIN_PLUS**, expanding a toolset first known as a **Linux-only backdoor**. The activity is tied to **govern...

Fake AI study guide AsyncRAT lure campaign targeting Windows users

Campaign
H score33 First: 11.06.2026 17:00 Last: 11.06.2026 17:00 Sources 1

About this happening: A **malware-luring campaign** now uses fake **AI study guides** and **developer resources** to target **Windows users** at organizations, increasing the risk of stealthy **AsyncRA...

Dindoor backdoor activity in MuddyWater operations

Malware Activity
H score23 First: 06.03.2026 17:15 Last: 06.03.2026 17:15 Sources 1

About this happening: Researchers identified **Dindoor**, a previously unknown backdoor, on targeted networks tied to **MuddyWater**, showing the group was using a new intrusion toolset. The malware ap...

MuddyWater Operation Olalampo campaign targeting MENA organizations and individuals

Campaign
H score33 First: 23.02.2026 09:25 Last: 23.02.2026 09:25 Sources 1

About this happening: The **MuddyWater** campaign **Operation Olalampo** is actively targeting organizations and individuals across **MENA**, creating ongoing risk of remote compromise and follow-on in...

WinRAR path traversal via Alternate Data Streams (CVE-2025-8088)

Vulnerability
H score21 First: 27.01.2026 21:38 Last: 27.01.2026 21:38 Sources 1

About this happening: The **CVE-2025-8088** **WinRAR** path traversal flaw is being **actively exploited** through **Alternate Data Streams (ADS)** to write malicious files outside the extraction direc...

Timeline

  1. 08.12.2025 08:46 2 articles · 7mo ago

    MuddyWater uses UDPGangster against users in Turkey, Israel, and Azerbaijan

    Initial Disclosure

    MuddyWater deployed UDPGangster, a new backdoor using UDP for command-and-control, in a campaign against users in Turkey, Israel, and Azerbaijan. The malware was delivered through spear-phishing Microsoft Word documents and ZIP attachments that prompted macro activation, used a macro dropper to write decoded content to C:\Users\Public\ui.txt, launched the payload with CreateProcessA, established persistence through Windows Registry changes, ran anti-analysis checks, and could connect to 157.20.182[.]75 over UDP port 1269 to gather system information, execute cmd.exe commands, exfiltrate files, update C2, and drop additional payloads.

    Show sources