Cyber Resilience

Threat actor · all actors

MuddyWaterG0069 state

🇮🇷 IR · MOIS

aka MuddyWater, Earth Vetala, MERCURY, Static Kitten, Seedworm, TEMP.Zagros, Mango Sandstorm, TA450, MuddyKrill, COBALT ULSTER, G0069, ATK51, Boggy Serpens

Last updated: 2026-07-03

2attributed CVEs
94ATT&CK techniques
7.0IDF score (tooling uniqueness)
1exclusive CVEs
2026years active

About this actor

[MuddyWater](https://attack.mitre.org/groups/G0069) is a cyber espionage group assessed to be a subordinate element within Iran's Ministry of Intelligence and Security (MOIS).(Citation: CYBERCOM Iranian Intel Cyber January 2022) Since at least 2017, [MuddyWater](https://attack.mitre.org/groups/G0069) has targeted a range of government and private organizations across sectors, including telecommunications, local government, finance, defense, and oil and natural gas organizations, in the Middle East (specifically the UAE and Saudi Arabia), Asia, Africa, Europe, and North America. [MuddyWater](https://attack.mitre.org/groups/G0069) has reused domains dating back to October 2025, and has a preference for NameCheap and Hosterdaddy Private Limited (AS136557). In late 2025 and early 2026, [MuddyWater](https://attack.mitre.org/groups/G0069) used commercial satellite internet (i.e., Starlink) for command and control (C2) communication. (Citation: FalconFeeds_Iran_Mar2026)(Citation: Huntio_IranInfra_Mar2026)(Citation: Unit 42 MuddyWater Nov 2017)(Citation: Symantec MuddyWater Dec 2018)(Citation: ClearSky MuddyWater Nov 2018)(Citation: ClearSky MuddyWater June 2019)(Citation: Reaqta MuddyWater November 2017)(Citation: DHS CISA AA22-055A MuddyWater February 2022)(Citation: Talos MuddyWater Jan 2022)(Citation: NaumaanProofpoint_GlobalClickFix_April2025)(Citation: ESET_MuddyWater_Dec2025)(Citation: SymantecCarbonBlack_Seedworm_Mar2026)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2026-22813 3.56.10.00912026-01-12see CVE
CVE-2017-01995 0.00.00.0000see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-462 / 9466%
CM-656 / 9460%
CM-254 / 9457%
SI-354 / 9457%
CA-742 / 9445%
CM-741 / 9444%
AC-436 / 9438%
SC-734 / 9436%
AC-633 / 9435%
AC-331 / 9433%
AC-229 / 9431%
RA-526 / 9428%
SI-726 / 9428%
SI-224 / 9426%
SI-1021 / 9422%

Co-occurring actors

Similar actors

Overlapping CVEs

Same nation-state