Turbid Currents MuddyWater Attribution
This report links nine coordinated phishing campaigns from 2025 to the Iranian APT group MuddyWater, revealing a single, consistent operational footprint across attacks targeting governments and diplomatic sectors worldwide. Through analysis of shared C2 behavior, VBS loaders, and repeated staging logic, the investigation connects previously isolated incidents into one unified espionage effort marked by infrastructure reuse and stable TTPs.