The Iranian hacking group known as MuddyWater has been using compromised email mailboxes to conduct global phishing campaigns. Their attacks aim to infect victims through malicious Word macros. The campaign was reported by TechRadar on October 23, 2025.
Cybersecurity researchers have identified a new phishing operation linked to the Iranian state-sponsored hacking group MuddyWater. According to the TechRadar report, the attackers are sending phishing emails worldwide from compromised email accounts. The emails carry Word attachments containing malicious macros that are designed to infect the recipient's system when the document is opened.
The campaign targets a broad range of victims globally, relying on the trust recipients place in legitimate, hijacked mailboxes to increase its success rate. MuddyWater, also tracked as Seedworm or TEMP.Zagros, has a history of cyber espionage activity attributed to Iranian interests.
No specific details on the number of affected accounts or targeted sectors were provided in the initial report. The phishing efforts align with broader trends in advanced persistent threat groups using social engineering tactics to deliver malware.