logo

The WatchGuard Geopolitical Cyber Report: Iran-Affiliated Cyber-Espionage Against Global High-Value Organizations

ID: 4c7b3743-bf7f-5aa1-a65a-c5ba6203615c

STIX ID: report--4c7b3743-bf7f-5aa1-a65a-c5ba6203615c

Feed Name: WatchGuard Secplicity Blog

Threat Score
90/100

Date Published: 2026-06-30

Date Updated: 2026-07-02

Author: Paolo Omezzolli

...
...

**Executive summary:** Iran-linked MuddyWater (Seedworm) ran an active, global espionage campaign in early 2026 targeting electronics, aviation, finance, education and government; attackers used trusted/signed binaries with DLL side‑loading, a Node.js-based loader to run PowerShell scripts, ChromElevator to harvest Chromium-based browser credentials and cookies, registry-based credential dumping, and exfiltration via a public file-transfer service (sendit.sh); the report provides IOCs, MITRE ATT&CK mappings and tiered mitigation steps emphasizing behavioral detection over signature-only controls.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.