BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

MuddyWater deploys RustyWater Rust RAT in Middle East attack

  • MuddyWater has deployed a Rust-based implant called RustyWater against Middle East diplomatic, maritime, financial, and telecom targets.
  • Attackers use spear-phishing with malicious Word documents and VBA macros that prompt victims to “Enable content.”
  • RustyWater (also tracked as Archer RAT and RUSTRIC) supports asynchronous C2, anti-analysis, registry persistence, and modular expansion.
  • The activity marks a shift from PowerShell/VBS loaders and legitimate remote-access tools toward structured Rust implants; the group is linked to Iran’s Ministry of Intelligence and Security (MOIS).

The Iranian-linked actor MuddyWater has been observed running a spear-phishing campaign that delivers a Rust-based implant called RustyWater to targets in the Middle East. According to Prajwal Awasthi at CloudSEK, the campaign began this period and focuses on diplomatic, maritime, financial, and telecom organizations.

- Advertisement -

The emails impersonate Cybersecurity guidance and include Microsoft Word attachments. When opened, the documents instruct victims to "Enable content." That action runs a VBA macro that drops the Rust binary on the host system.

RustyWater — also known as Archer RAT and RUSTRIC — collects system information, checks for security software, and creates persistence via a Windows Registry key. The implant contacts a command-and-control server at nomercys.it[.]com to receive commands and transfer files.

CloudSEK described the toolset as low-noise and modular, stating that, "The campaign uses icon spoofing and malicious Word documents to deliver Rust based implants capable of asynchronous C2, anti-analysis, registry persistence, and modular post-compromise capability expansion." This marks an evolution from the group’s earlier reliance on PowerShell and VBS loaders.

The actor, tracked under names including Mango Sandstorm, Static Kitten, and TA450, has operated since at least 2017 and is assessed to be affiliated with Iran’s Ministry of Intelligence and Security (MOIS). Separate reporting noted that RUSTRIC activity was flagged by Seqrite Labs in attacks against IT firms, managed service providers, human resources, and software development companies in Israel.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

ChartUp Solana Volume Bot: An All-in-One Toolkit Review

Solana teams often assemble testing workflows from unrelated scripts, wallets, dashboards, and venue-specific services....

ChartUp Solana Volume Booster: Random Trade Size Tests

A private Solana test becomes less informative when every swap repeats the same value....

WordPress core hit by zero-click RCE bug, patch now live

WordPress patched a pre-authentication remote code execution flaw in versions 6.9.5 and 7.0.2 on...

ECB: Stablecoin growth puts European bank deposits at risk

ECB board member Piero Cipollone warned Friday that stablecoin growth could strip European banks...

Tesla Launches Megacharger Network with Bloomington Station

Tesla opened a new public Megacharger station in Bloomington, California, calling it the start...

Must Read

17 Best Audiobooks On Blockchain Technology For Beginners

If you're looking to dive into the world of blockchain technology, you're in for a treat. The field is rapidly evolving and the potential...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading