
MuddyWater
Iran-nexus threat group attributed to Iranian intelligence; active since at least 2017 and documented exploiting LLM orchestration infrastructure including the Langflow vulnerability.
Last refreshed: 29 May 2026 · Appears in 1 active topic
Why is Iran's MuddyWater group targeting AI pipeline software rather than traditional infrastructure?
Timeline for MuddyWater
AI orchestration flaw joins CISA's KEV
Cybersecurity: Threats and Defences
- Who is MuddyWater and what country sponsors them?
- MuddyWater is an Iranian state-sponsored threat group attributed to Iran's Ministry of Intelligence and Security (MOIS). Active since around 2017, they conduct cyber espionage and intrusion operations against governments, defence, and critical infrastructure globally. Source: US government advisories, CISA
- What has MuddyWater been doing in 2026?
- In early 2026, MuddyWater was documented exploiting CVE-2025-34291 in Langflow, an AI pipeline builder, for initial access. CISA confirmed the flaw as actively exploited on 21 May 2026. Source: Threat intelligence analysis, March 2026
- What is the difference between MuddyWater and Mango Sandstorm?
- They are the same group tracked under different vendor naming conventions. Microsoft calls the group Mango Sandstorm; CrowdStrike calls it Static Kitten; and MuddyWater is the widely used US government and research community name. Source: Vendor threat intelligence
Background
MuddyWater is an Iran-state-nexus cyber-espionage and intrusion group first documented around 2017 and broadly attributed to Iran's Ministry of Intelligence and Security (MOIS). It is also tracked under the aliases Static Kitten (CrowdStrike) and Mango Sandstorm (Microsoft). The group targets government agencies, defence contractors, telecommunications providers, and critical infrastructure organisations primarily across the Middle East, Central Asia, Europe, and the United States. Its operations combine spear-phishing, living-off-the-land techniques, and exploitation of internet-facing vulnerabilities to achieve initial access before deploying remote management tools for persistent access.
In a March 2026 threat analysis, MuddyWater was documented exploiting CVE-2025-34291, a critical (CVSS 9.4) origin-validation flaw in the Langflow open-source LLM pipeline builder, for initial access. CISA added CVE-2025-34291 to the Known Exploited Vulnerabilities catalogue on 21 May 2026. The group's adoption of AI orchestration tooling as an attack surface marks a tactical evolution: MuddyWater has historically favoured legitimate remote-access tools (AnyDesk, ScreenConnect) and commodity exploit frameworks, and is now following organisations onto the AI/LLM deployment frontier.
MuddyWater's targeting of AI pipeline infrastructure is significant beyond the immediate exploit. LLM orchestration tools store API keys and access tokens for connected services, so a successful Langflow compromise provides not just a foothold but a lateral pivot into every downstream service the pipeline integrates. This attack pattern will likely recur as AI tooling proliferates into sensitive enterprise and government environments.