
New MuddyWater Threat: Old Dog; New Tricks

Deep Instinct Threat Lab has discovered a new MuddyWater threat campaign, identifying the Iran-based cyber espionage group in a series of attacks across the Middle East and Africa.

It is highly probable that the group behind this threat campaign, referred to as 'SevMC', has additional variants of MuddyWater in its arsenal.

The cyber espionage group comprises loosely affiliated attackers who were previously associated with the Iran-based threat group known as 'Fula-Lab', which was discovered by IBM in 2012 and has since been identified on multiple occasions.

MuddyWater is an Iranian cyberespionage group that has primarily targeted Middle Eastern and South Asian governments, military agencies and other organizations within those regions. The malware variant used by SevMC targets low-level systems running Microsoft Windows OS, using exploits previously identified by other threat actors.

The group's connection to Iran-based Fula-Lab is confirmed by the fact that the SevMC team and Fula-Lab use the same C2 infrastructure and malware. The malware used by the group has also been detected on systems used in previous, unrelated Fula-Lab attacks, further tying the two groups together.

Source: New MuddyWater Threat: Old Kitten; New Tricks - AlienVault - Open Threat Exchange
