Iran-linked MuddyWater targets over 100 organisations globally
You might want to pay attention to this latest cybersecurity scare. The Iranian hacking group MuddyWater has reportedly targeted over 100 organizations in a global espionage campaign. They’ve been using a compromised email account to spread a backdoor known as Phoenix, mainly focusing on government entities across the Middle East and North Africa.
According to a report from Singapore’s Group-IB, most of the targets are embassies, diplomatic missions, and foreign affairs ministries, but they’re also hitting international organizations and telecom companies. Researchers found that MuddyWater accessed the compromised email account through NordVPN, a legitimate service. They then sent phishing emails that looked like they were from trusted sources, tricking recipients into opening them. This kind of sophisticated attack shows just how crucial it is for organizations to be vigilant about their email security.