Iran’s MuddyWater infiltrates multiple US organizations.

Summary

By the N2K CyberWire staff

Iran’s MuddyWater infiltrates multiple US organizations.

The Iranian state-sponsored threat actor MuddyWater (also known as "Seedworm" or "Static Kitten") compromised several US entities in early February 2026, including a bank, an airport, US and Canadian non-profits, and the Israeli operations of a US software company, according to researchers at Symantec. The threat actor is using a new backdoor dubbed "Dindoor" and a Python backdoor called "Fakeset."

The activity continued following US and Israeli military strikes on Iran beginning on February 28th. The researchers note, "While it’s not known if the operations of Seedworm are disrupted by the current conflict, already having a presence on US and Israeli networks prior to the current hostilities beginning means the threat group is in a potentially dangerous position to launch attacks." The US government has attributed MuddyWater to Iran's Ministry of Intelligence and Security (MOIS).

From AI Ambition to Secure Agents at Scale

Join Glean’s virtual Security Showcase on March 12 to receive a new security framework for AI agents, hear a candid CIO–CISO conversation on real-world risk decisions, and see new controls for data protection, agent guardrails, and private‑by‑design deployment. Register to walk away with a practical blueprint for deploying secure, governed AI agents at scale. Register now.

FBI investigates breach of wiretap management systems.

The US FBI is investigating a breach of systems used to manage foreign intelligence surveillance and wiretap warrants, CNN reports. A source told CNN that officials are still working to determine the scope of the incident. The source said the incident "has prompted senior officials at the FBI and Justice Department focused on civil liberties and national security to respond." The Bureau said in a statement, "The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond."

BleepingComputer notes that China's Salt Typhoon cyberespionage operation in 2024 compromised systems used by the US government for court-authorized wiretapping requests, though it's unclear if the latest breach is related.

Vellox Reverser: Defeat malware in minutes

Vellox Reverser is an autonomous malware reverse engineering and threat intelligence product from Booz Allen. It delivers deep technical analysis and actionable insights in minutes, enabling teams to neutralize threats at scale, reduce organizational risk, and outpace evolving adversaries. Reverse the unknown, fast. Request a demo or start your 30-day free trial and experience cybersecurity at machine speed.

Russian national pleads guilty to involvement in the Phobos ransomware operation.

A Russian national pleaded guilty in a US Federal court to his involvement in the Phobos ransomware operation, SecurityWeek reports. 43-year-old Evgenii Ptitsyn was arrested in South Korea and extradited to the US in November 2024. The US Justice Department stated, "Each deployment of Phobos ransomware was assigned a unique alphanumeric string to match it to the corresponding decryption key, and each affiliate was directed to pay the decryption key fee to a cryptocurrency wallet unique to the affiliate. From December 2021 to April 2024, the decryption key fees were then transferred from the unique affiliate cryptocurrency wallet to a wallet Ptitsyn controlled. Ptitsyn also received a portion of the ransomware payments made by victims."

Ptitsyn faces a maximum penalty of 20 years in prison for a count of wire fraud conspiracy, with sentencing set for July 15, 2026.

Vellox Reverser: Accelerate cyber defense at machine speed

Vellox Reverser is an autonomous malware reverse engineering and threat intelligence product from Booz Allen. It delivers deep insights and actionable countermeasures in minutes, dramatically accelerating response time to today’s most complex cyber threats. Fully automated. Built for speed. A true force multiplier for cyber defense. Request a demo or start your 30-day free trial and experience cybersecurity at machine speed.

Experience the Power of Community at RSAC 2026 Conference

RSAC™ 2026 Conference returns to San Francisco March 23–26, bringing together the global cybersecurity community for four days of expert insights, hands-on learning, and breakthrough innovation. Join thousands of practitioners, executives, and innovators as they tackle today’s toughest challenges and explore solutions shaping tomorrow. From cutting-edge ideas to immersive programs and vibrant networking, this is where meaningful progress happens. Register today and be part of the conversations driving cybersecurity forward.

Notes.

Today's issue includes events affecting Canada, China, Iran, Israel, Russia, and the United States.

Attacks, Threats, and Vulnerabilities

New A0Backdoor Linked to Teams Impersonation and Quick Assist Social Engineering (BlueVoyant) BlueVoyant's Security Operations Center (SOC) recently uncovered a new A0Backdoor delivered through Teams impersonation.

Chinese state hackers target telcos with new malware toolkit (BleepingComputer) A China-linked advanced persistent threat actor tracked as UAT-9244 has been targeting telecommunication service providers in South America since 2024, compromising Windows, Linux, and network-edge devices.

Marketplace

Tech Giants, Washington Rally for Anthropic in Pentagon Feud (GovInfoSecurity) Lawmakers, Industry Warn Supply-Chain Risk Label Sets Dangerous Precedent for Tech

Legislation, Policy, and Regulation

House panel marks up kids digital safety act amid Democrat backlash (The Record) Committee Democrats criticized the KIDS Act for including a weak knowledge standard that they said allows tech companies to escape accountability for online safety harms by claiming they are unaware kids are using their platforms and deserve protections.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

RSAC 2026 (San Francisco, California, USA, Mar 23 - 26, 2026) Ideas become breakthroughs when shared. Challenges become opportunities when tackled together. That’s the Power of Community—a key focus for RSAC™ 2026 Conference. Real change happens when cybersecurity professionals unite.

Wicked6 Cyber Games (Virtual, Mar 27 - 29, 2026) The premier global event spotlighting WOMEN in Cyber and Tech through exciting, team-based cyber competitions, mentorship, and community engagement. Our virtual, global "Hack and Chat" inspires and empowers women in cybersecurity from over 40 countries across six continents and there's lots of excitement building behind this year's theme. Your investment will enable women from across the globe to meet, learn from each other, play cyber games together and compete in a quality Attack and Defend competition.

SO-CON 2026 (Arlington, Virginia, USA, Apr 13 - 14, 2026) SO-CON is the only conference dedicated to identity-based security and attack path management. The week begins with a two-day main conference packed with talks, research, and community exchange, followed by four days of deep-dive, hands-on trainings led by adversary-experienced practitioners. Training to follow on April 15-18, 2026.

Space Symposium 2026 (Colorado Springs, Colorado, USA, Apr 13 - 16, 2026) Space Symposium is the premier event uniting global space professionals from all sectors, providing a unique platform to explore critical space issues, foster dialogue, and drive innovation across the space industry.

Philadelphia Cybersecurity Summit (Philadelphia, PA, Apr 15, 2026) Maximize your networking opportunities by meeting with fellow industry executives and leading security experts at the upcoming 9th Annual Philadelphia Official Cybersecurity Summit on Wednesday, April 15, 2026. Secure your admission now! Use Code CSS26-CRA before February 18 for Free Admission.*

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 03.06.26

Top stories.

Iran’s MuddyWater infiltrates multiple US organizations.

FBI investigates breach of wiretap management systems.

Russian national pleads guilty to involvement in the Phobos ransomware operation.

Notes.

Attacks, Threats, and Vulnerabilities

Marketplace

Legislation, Policy, and Regulation

Events