Blog•Mar 13, 2026
Who Is MuddyWater?
MuddyWater is an Iranian state-linked cyber-espionage group active since at least 2017, targeting governments, energy, telecom and defense sectors worldwide. Recent campaigns, especially Operation Olalampo (2025-2026), show a shift toward hybrid operations that combine intelligence gathering with disruptive tactics, employing new malware families, AI-assisted code generation, and messaging-platform C2 channels. The group’s tradecraft maps to MITRE ATT&CK techniques such as spear-phishing, PowerShell execution, and living-off-the-land tools, along with infrastructure reuse. Analysts view MuddyWater’s evolution as a sign of Iran’s expanding cyber-strategic capabilities.