INTELEYE: Iran-Linked Hackers Hit Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks

Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that have delivered a previously undocumented backdoor called MuddyViper.

The activity has been attributed by ESET to a hacking group known as MuddyWater (aka Mango Sandstorm or TA450), a cluster assessed to be affiliated with Iran's Ministry of Intelligence and Security (MOIS). The attacks also singled out one technology company based in Egypt.

The hacking group first came to light in November 2017, when Palo Alto Networks Unit 42 detailed targeted attacks against the Middle East between February and October of that year using a custom backdoor dubbed POWERSTATS. It's also known for its destructive attacks on Israeli organizations using a Thanos ransomware variant called PowGoop as part of a campaign referred to as Operation Quicksand.

According to data from the Israel National Cyber Directorate (INCD), MuddyWater's attacks have aimed at the country's local authorities, civil aviation, tourism, healthcare, telecommunications, information technology, and small and medium-sized enterprises (SMEs).

Typical attack chains involve techniques like spear-phishing and the exploitation of known vulnerabilities in VPN infrastructure to infiltrate networks and deploy legitimate remote management tools – a long-favored approach of MuddyWater. However, at least si

Source: https://thehackernews.com/2025/12/iran-linked-hackers-hits-israeli_2.html

INTELEYE cybersecurity rating report: https://www.rankiteo.com/company/inteleye-technologies

"id": "INT1764734788",
"linkid": "inteleye-technologies",
"type": "Cyber Attack",
"date": "12/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'incident': {'affected_entities': [{'customers_affected': None,
                                     'industry': ['Academia',
                                                  'Engineering',
                                                  'Government',
                                                  'Manufacturing',
                                                  'Technology',
                                                  'Transportation',
                                                  'Utilities'],
                                     'location': 'Israel',
                                     'name': None,
                                     'size': None,
                                     'type': ['Academia',
                                              'Engineering',
                                              'Local Government',
                                              'Manufacturing',
                                              'Technology',
                                              'Transportation',
                                              'Utilities']},
                                    {'customers_affected': None,
                                     'industry': 'Technology',
                                     'location': 'Egypt',
                                     'name': None,
                                     'size': None,
                                     'type': 'Technology Company'}],
              'attack_vector': ['Spear-phishing',
                                'Exploitation of known vulnerabilities in VPN '
                                'infrastructure'],
              'data_breach': {'data_encryption': None,
                              'data_exfiltration': None,
                              'file_types_exposed': None,
                              'number_of_records_exposed': None,
                              'personally_identifiable_information': None,
                              'sensitivity_of_data': None,
                              'type_of_data_compromised': None},
              'description': 'Israeli entities spanning academia, engineering, '
                             'local government, manufacturing, technology, '
                             'transportation, and utilities sectors have been '
                             'targeted by Iranian nation-state actors '
                             'delivering a previously undocumented backdoor '
                             'called MuddyViper. The attacks also singled out '
                             'one technology company based in Egypt.',
              'impact': {'brand_reputation_impact': None,
                         'conversion_rate_impact': None,
                         'customer_complaints': None,
                         'data_compromised': None,
                         'downtime': None,
                         'financial_loss': None,
                         'identity_theft_risk': None,
                         'legal_liabilities': None,
                         'operational_impact': None,
                         'payment_information_risk': None,
                         'revenue_loss': None,
                         'systems_affected': None},
              'initial_access_broker': {'backdoors_established': 'MuddyViper',
                                        'data_sold_on_dark_web': None,
                                        'entry_point': None,
                                        'high_value_targets': None,
                                        'reconnaissance_period': None},
              'motivation': 'Nation-state espionage, Destructive attacks',
              'post_incident_analysis': {'corrective_actions': None,
                                         'root_causes': None},
              'ransomware': {'data_encryption': None,
                             'data_exfiltration': None,
                             'ransom_demanded': None,
                             'ransom_paid': None,
                             'ransomware_strain': 'Thanos (PowGoop variant)'},
              'references': [{'date_accessed': None,
                              'source': 'ESET',
                              'url': None},
                             {'date_accessed': None,
                              'source': 'Palo Alto Networks Unit 42',
                              'url': None},
                             {'date_accessed': None,
                              'source': 'Israel National Cyber Directorate '
                                        '(INCD)',
                              'url': None}],
              'regulatory_compliance': {'fines_imposed': None,
                                        'legal_actions': None,
                                        'regulations_violated': None,
                                        'regulatory_notifications': None},
              'response': {'adaptive_behavioral_waf': None,
                           'communication_strategy': None,
                           'containment_measures': None,
                           'enhanced_monitoring': None,
                           'incident_response_plan_activated': None,
                           'law_enforcement_notified': None,
                           'network_segmentation': None,
                           'on_demand_scrubbing_services': None,
                           'recovery_measures': None,
                           'remediation_measures': None,
                           'third_party_assistance': None},
              'threat_actor': 'MuddyWater (aka Mango Sandstorm or TA450)',
              'title': 'MuddyWater Cyber Attacks on Israeli and Egyptian '
                       'Entities',
              'type': 'Cyber Espionage, Backdoor Deployment'}}