
Just a sample of the Echomail archive


 Message 2019 
 Mike Powell to All 
 Iranian hackers target Is 
 04 Dec 25 10:25:14 
 
TZUTC: -0500
MSGID: 1776.consprcy@1:2320/105 2d96e4ca
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Iranian hacker group deploys malicious Snake game to target Egyptian and
Israeli critical infrastructure

Date:
Wed, 03 Dec 2025 16:44:00 +0000

Description:
MuddyWater has deployed more sophisticated techniques and malware in a string
of attacks targeting Israel and Egypt.

FULL STORY

An Iranian-aligned hacking group tracked as 'MuddyWater' has dramatically
shifted tactics in attacks against Israeli and Egyptian critical
infrastructure. 

Previous campaigns by the group, observed by ESET Research, were
characteristically noisy in their tactics, techniques, and procedures (TTPs),
making them easily detectable.

However, the group has begun employing a new backdoor deployed via the Fooder
loader, which often disguises itself as the classic Snake game.

MuddyVipers, snakes, and ladders

The attacks have typically targeted Israeli telecommunications, governmental,
and oil and energy sectors. In this campaign, MuddyWater began by 
distributing spearphishing emails with PDF attachments linking to free remote
monitoring and management (RMM) software, with the install files hosted on
OneHub, Egnyte, Mega, and other free file hosting services. 

Rather than installing legitimate RMM software, the files instead install
loaders through which attackers can deploy backdoors. In the attacks observed
by ESET, a newly identified loader known as Fooder deploys the MuddyViper
backdoor. 

Fooder has a unique characteristic - it often masquerades as the Snake game.
This technique is more than just a disguise, as the core logic of Snake
provides the loader with a custom delay function, allowing it to hide its 
true function from analysis. 

The MuddyViper backdoor is also previously unobserved. Written in the C/C++
programming language, MuddyViper is capable of collecting system information,
downloading and uploading files, executing files and shell commands, and
stealing Windows credentials and browser data by displaying a fake Windows
Security dialog.

The MuddyWater campaign targeted 17 organizations in Israel across a range of
sectors including engineering, local government, manufacturing, technology,
transportation, utilities, and universities. The group also targeted an
Egyptian organization in the tech sector. 

For greater insight into the MuddyWater campaign, as well as indicators of
compromise, take a look at ESET's 'MuddyWater: Snakes by the riverbank'
research (in the article link below).

======================================================================
Link to news story:
https://www.techradar.com/pro/security/iranian-hacker-group-deploys-malicious-snake-game-to-target-egyptian-and-israeli-critical-infrastructure

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470
SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426



(c) 1994,  bbs@darkrealms.ca