New Campaigns After Operation Swords of Iron

released on 2024-04-01 @ 09:26:41 AM
The MuddyWater APT group has recently launched new attacks in Israel, Africa, and Turkiye, using products developed in-house and taking over third-party tools. The phishing attacks use PDF attachments with agents from services such as Atera and ConnectWise. Once an agent is installed, the actors gain privileges to monitor and execute files. MuddyWater is expanding its tactics to reduce its digital footprint and is likely to increase spear-phishing via compromised accounts. Technical analysis shows tailored attack files named for their targets. Compromised business accounts were used to build the agents, which makes the lures more persuasive to victims. The remote access tools ensure persistence and provide capabilities such as command execution and file operations. MuddyWater aligns its attacks with Iran's interests, adding techniques and using legitimate tools for anonymity.