Advanced Threats
March 15, 20261 min read98
MuddyWater Infiltration Campaign Uncovered: Iranian Group Targets Jordan, Turkey and Azerbaijan
The MuddyWater group, backed by Iran's Ministry of Intelligence, deployed new backdoors against targets in Jordan, Turkey and Azerbaijan in a long-term espionage campaign.
By Titan Layer Editorial Team
Published on March 15, 2026
Source: —
Security researchers uncovered a new campaign by the MuddyWater group — an advanced threat actor sponsored by Iran's Ministry of Intelligence and Security (MOIS) — targeting government and defense organizations in Jordan, Turkey and Azerbaijan.
The campaign deployed two new custom backdoors: BugSleep (a lightweight implant establishing encrypted C2 communication) and Velho (a more sophisticated Python-based backdoor capable of screenshots, keylogging and persistent access).
The campaign uses spear-phishing with legitimate document formats in local languages, impersonating government communications. This reflects growing geopolitical tensions and serves as a warning for organizations in countries with tense relations with Iran.
Article information
Editorial author:Titan Layer Editorial Team
Original source:—
Original publisher:—
Original author:—
Original publication date:—
Reference link:—
Titan Layer publication date:March 15, 2026
Content type:Curated summary and editorial analysis
#iran#APT#muddywater#backdoor#espionagem
Share this article
Related Articles
Cyber Crime
Deep#Door Backdoor: A Sophisticated Threat for Espionage and Disruption
Titan Layer
5/1/2026
Cyber Crime
Iranian Cyber Group Handala Targets US Troops in Bahrain
Titan Layer
4/29/2026
Malware
Threat Actor UNC6692 Uses Microsoft Teams to Deploy New 'Snow' Malware
Titan Layer
4/25/2026