MuddyWater U.S. network intrusion campaign targeting banks, airports, and a software company arm

Campaign
H score 55
2 unique sources, 2 articles

Summary

MuddyWater (Seedworm) is running a state-linked intrusion campaign that has embedded itself in the networks of U.S. banks, airports, a non-profit, and the Israeli arm of a software company, widening risk across multiple sectors. The operation was assessed to have started in early February and appears to have intensified after U.S. and Israeli strikes on Iran. The campaign matters because it paired backdoor deployment with an attempted data exfiltration path, indicating potential persistence and theft.

Related Happenings

FamousSparrow Azerbaijani oil-and-gas targeting campaign

Campaign
First: 13.05.2026 16:00 Last: 13.05.2026 16:00 Sources 1

About this happening: The **China-linked FamousSparrow group** ran a **targeted cyberespionage campaign** against an **Azerbaijani oil-and-gas company** in the **South Caucasus**, highlighting a new...

FamousSparrow multi-wave intrusion campaign against Azerbaijani oil and gas company

Campaign
First: 13.05.2026 16:00 Last: 13.05.2026 16:00 Sources 1

About this happening: A **China-affiliated** actor tracked as **FamousSparrow (UAT-9244)** ran a **multi-wave intrusion** against an **unnamed Azerbaijani oil and gas company** from **late December 202...

UAE and Gulf cyberattack surge after Iran conflict escalation

Target Trend
First: 06.05.2026 08:30 Last: 06.05.2026 08:30 Sources 1

About this happening: Cyberattack volume surged across the **UAE** and wider **Gulf** after military operations against **Iran** began, pushing daily breach attempts to **600,000 to 800,000** and raisi...

Iranian-linked PLC targeting campaign against U.S. critical infrastructure

Campaign
First: 07.04.2026 21:02 Last: 07.04.2026 21:02 Sources 1

About this happening: Iranian-linked hackers are actively targeting **Internet-exposed Rockwell/Allen-Bradley PLCs** on **U.S. critical infrastructure** networks, increasing the risk of operational dis...

FBI, DOJ, and Poland take FrostArmada infrastructure offline

Law Enforcement
First: 07.04.2026 18:51 Last: 07.04.2026 18:51 Sources 1

About this happening: Authorities carried out a **takedown** of **FrostArmada** infrastructure, disrupting an **APT28** credential-theft operation that hijacked router traffic to steal Microsoft logins...

Timeline

  1. 06.03.2026 12:23 2 articles · 2mo ago

    MuddyWater campaign disclosure against U.S. company networks

    Initial Disclosure

    Broadcom's Symantec and Carbon Black Threat Hunter Team disclosed that MuddyWater (Seedworm), an Iran MOIS-linked group, had embedded itself in several U.S. companies' networks, including banks, airports, a non-profit, and the Israeli arm of a software company. The researchers said the campaign began in early February and included a new Dindoor backdoor built on the Deno JavaScript runtime, plus an attempted Rclone exfiltration to a Wasabi cloud storage bucket from the software company arm.
