MuddyWater is a threat actor attributed to IR, also known as TEMP.Zagros, Static Kitten, Seedworm. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does MuddyWater exploit?

MuddyWater is known to exploit 8 CVEs. View the full list on the Strobes VI threat actor profile page.

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

MuddyWater

Also known as: TEMP.Zagros, Static Kitten, Seedworm, MERCURY, COBALT ULSTER, G0069, ATK51, Boggy Serpens, Mango Sandstorm, TA450, Earth Vetala, Muddy Water

IRCyber Espionage

Exploited CVEs

Overview

The MuddyWater attacks are primarily against Middle Eastern nations. However, we have also observed attacks against surrounding nations and beyond, including targets in India and the USA. MuddyWater attacks are characterized by the use of a slowly evolving PowerShell-based first stage backdoor we call “POWERSTATS”. Despite broad scrutiny and reports on MuddyWater attacks, the activity continues with only incremental changes to the tools and techniques.

Exploited Vulnerabilities

CVE ID	Action
CVE-2024-1708	View Details