Operation Olalampo: Inside MuddyWater's Latest Campaign
Essential information
- Published: 23/02/2026 10:13
- Modified: 23/02/2026 10:20
- Tags: 2026-02-23 ai-assisted apt c2 charmpower ghostbackdoor ghostfetch http_vip mena operation olalampo post-exploitation rust backdoor telegram bot
- Related entities: 14 observables, 1 intrusion sets (apt), 17 techniques (mitre), 4 malware, 4 others
Description
The MuddyWater APT has launched Operation Olalampo, targeting organizations in the MENA region. The campaign involves new malware variants, including a Rust backdoor called CHAR, the downloaders GhostFetch and HTTP_VIP, and an advanced backdoor, GhostBackDoor. Notably, the group is using Telegram bots for command-and-control, which reveals insights into its post-exploitation tactics. The operation, first observed on January 26, 2026, shows tactical and technical overlaps with previous MuddyWater activities. Key discoveries include potential AI-assisted malware development and infrastructure reuse dating back to October 2025. The campaign aligns with ongoing geopolitical tensions and provides valuable information on the threat actor's evolving techniques.