
MuddyWater Operation Olalampo campaign targeting MENA organizations and individuals

Campaign
Happening score: 39
1 unique source, 1 article

Summary


The MuddyWater campaign Operation Olalampo is actively targeting organizations and individuals across MENA, creating ongoing risk of remote compromise and follow-on intrusion. First observed on January 26, 2026, the operation uses phishing emails with malicious Microsoft Office documents to deliver custom tooling. The toolkit includes GhostFetch, HTTP_VIP, CHAR, and GhostBackDoor, and one variant also deploys AnyDesk. The campaign matters because it combines macro-based delivery, remote-control payloads, and exploitation of recently disclosed vulnerabilities on public-facing servers to gain access.

Related Happenings

Secret Blizzard Kazuar modular P2P botnet

Malware Activity
First: 16.05.2026 17:15 Last: 16.05.2026 17:15 Sources 1

About this happening: **Kazuar** is being used in a **multi-stage campaign in Ukraine** that ESET says likely involves **Gamaredon** providing access and **Turla/Secret Blizzard** delivering the backdo...

MuddyWater broad cyber-espionage campaign across sectors and countries

Campaign
First: 14.05.2026 00:59 Last: 14.05.2026 00:59 Sources 1

About this happening: **MuddyWater** was tied to a **2026 espionage campaign** affecting **at least nine organizations** across **nine countries** on **four continents**, with victims in **industrial a...

APT28 Operation GhostMail Zimbra phishing campaign targeting Ukrainian government entities

Campaign
First: 19.03.2026 16:55 Last: 19.03.2026 16:55 Sources 1

About this happening: **APT28**’s **Operation GhostMail** is actively targeting **Ukrainian government entities** through a phishing chain that exploits **CVE-2025-66376** in **Zimbra Collaboration Sui...

Dindoor backdoor activity in MuddyWater operations

Malware Activity
First: 06.03.2026 17:15 Last: 06.03.2026 17:15 Sources 1

About this happening: Researchers identified **Dindoor**, a previously unknown backdoor, on targeted networks tied to **MuddyWater**, showing the group was using a new intrusion toolset. The malware ap...

APT28 wellnesscaremed[.]com multistage LNK campaign

Campaign
First: 02.03.2026 12:36 Last: 02.03.2026 12:36 Sources 1

About this happening: An **APT28**-linked **LNK/HTML delivery chain** is being used for **multistage payloads**, indicating an ongoing phishing-style operation that can broaden exploitation paths. The...

Timeline

  1. 23.02.2026 09:25 2 articles · 3mo ago

    Operation Olalampo phishing and malware delivery

    Campaign Scope Update

    MuddyWater's Operation Olalampo targets organizations and individuals mainly in the MENA region by sending phishing emails with malicious Microsoft Office or Microsoft Excel attachments that prompt macro execution and deliver GhostFetch, HTTP_VIP, CHAR, GhostBackDoor, and, in one variant, AnyDesk.

  2. 23.02.2026 09:25 1 article · 3mo ago

    Group-IB analysis of CHAR and server exploitation

    Technical Analysis Update

    Group-IB's analysis of MuddyWater's CHAR backdoor found signs of AI-assisted development in debug strings and noted that the group is exploiting recently disclosed vulnerabilities on public-facing servers to obtain initial access to target networks.
