#236: Who is MuddyWater?
A take on a new threat from an old adversary
You’re already thinking about compliance—is digital accessibility on your list?
If you work in or around regulated industries, here’s something that may have slipped under your radar: a federal ADA deadline hits in less than two months. On April 24, state and local governments — and the vendors and partners who serve them — must meet WCAG 2.1 AA standards for digital accessibility or face real legal exposure.
Accessibility failures aren’t just an HR or marketing problem. They’re an organizational risk vector, and the lawsuit surge is real: Digital accessibility litigation jumped 15% nationwide in Q1 2025 alone.
Aspiritech’s team of autistic and neurodivergent tech professionals helps organizations audit, test, and remediate digital products against WCAG and Section 508 standards, catching what automated scanners miss.
Read the full breakdown below!
Want to know where your digital products stand?
Welcome to another _secpro!
The conflict surrounding Iran illustrates how contemporary cyber operations function as an extension of geopolitical competition rather than a separate domain of warfare. State-linked actors, proxy groups, and opportunistic cybercriminals all exploit the disruption and political polarization created by armed conflict to conduct espionage, influence operations, and disruptive attacks.
Techniques such as distributed denial-of-service campaigns, wiper malware, credential-harvesting phishing, and information manipulation are used not only to target military or government networks but also to pressure civilian infrastructure, financial institutions, and private companies that sit within the broader strategic ecosystem.
As the conflict evolves, these tactics demonstrate how cyber capabilities can be rapidly mobilized, scaled through proxy actors, and directed against a wide range of targets—creating a threat landscape in which the effects of war extend well beyond the battlefield and into the digital systems that underpin modern economies and societies.
If you want more, you know what you need to do: sign up for the premium tier and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!
Cheers!
Austin Miller
Editor-in-Chief
This week’s articles
Who is MuddyWater?
In early 2026, researchers from Group-IB published an analysis of a cyber-espionage campaign known as Operation Olalampo, attributed to the advanced persistent threat group MuddyWater. MuddyWater has long been associated with Iranian state-linked cyber activity and has historically targeted government agencies, telecommunications providers, and critical infrastructure organizations across the Middle East and surrounding regions. The Olalampo campaign demonstrates how state-aligned cyber actors continue to evolve their tactics and infrastructure while relying on proven techniques such as phishing and custom malware frameworks.
5 Key Learnings concerning the Iranian Crisis
Five quick and easy takes to get your brain juices flowing in a time of political turmoil. How do we expect to be forced to respond as cybersecurity professionals? What are the possible long-term effects? Click on the link to get involved.
News Bytes
AI as Tradecraft: How Threat Actors Operationalize AI: Microsoft researchers detail how threat actors are integrating AI tools across the attack lifecycle, including reconnaissance, phishing content generation, and malware development. The report highlights how adversaries increasingly use AI to accelerate operations and scale social-engineering campaigns.
March 2026 Patch Tuesday Fixes Two Zero-Day Vulnerabilities: Microsoft patched 79 vulnerabilities in its March Patch Tuesday update, including actively exploited zero-days that could allow privilege escalation or system crashes. Security teams are advised to prioritize patching as attackers often quickly weaponize newly disclosed flaws.
How ‘Handala’ Became the Face of Iran’s Hacker Counterattacks: An Iranian-linked hacking group known as Handala reportedly launched disruptive attacks including data-wiping operations against organizations such as medical technology firms. The group blends hacktivist messaging with nation-state-aligned cyber tactics as geopolitical tensions rise.
2026 Global Threat Intelligence Report: Flashpoint’s latest threat intelligence report finds ransomware incidents rose 53% year-over-year and identity compromise is becoming the primary entry vector, driven by billions of exposed credentials circulating in criminal markets. (Eagle-eyed readers might notice our review and deep dive into this report next week!)
The Industrialization of Cyber Attacks: Researchers documented a record 31.4 Tbps DDoS attack and observed that 94% of login attempts across monitored services are now bot-driven, illustrating the increasing automation of large-scale cyber campaigns.
Threat Brief: Escalation of Iranian Cyber Activity: Unit 42 observed a surge of phishing campaigns and hacktivist operations linked to Iranian actors, including a malicious Android APK mimicking the RedAlert emergency app to deploy surveillance malware on victims’ devices.
A Threat Actor Landscape Assessment of ICS/OT Targeting: Researchers warn that geopolitical escalation has triggered increased targeting of industrial control systems and operational technology environments, with dozens of hacktivist groups mobilizing to launch disruptive cyber operations against critical infrastructure.
Into the blogosphere...
Announcing the 2026 Cyber 150 (Richard Stiennon): This post introduces the Cyber 150, a ranking of midsize cybersecurity companies identified through IT-Harvest industry data. The article explains how the companies were selected and discusses the broader trend of innovation in cybersecurity startups, particularly those focused on AI-driven security platforms and cloud-native protection tools. The list is widely discussed among security investors and industry analysts.
Security for AI-Native Companies: 6 Security Shifts Teams Can’t Ignore in 2026 (Gradient Flow): This article explores how AI-native organizations face new security risks beyond traditional IT security. It highlights emerging issues such as data poisoning, model theft, identity compromise, and training-data integrity, arguing that traditional security programs must adapt to protect machine-learning pipelines and AI infrastructure. The piece is frequently shared among AI engineering and security communities.
The Truth About the 2026 Cybersecurity Job Market—You’re Not Ready (The Cloud Security Guy): This article examines the disconnect between cybersecurity workforce demand and candidate readiness. It argues that many aspiring professionals underestimate the technical depth and specialization now required, especially in areas like cloud security, identity security, and DevSecOps. The author outlines key skills that will define the 2026 job market and offers guidance for professionals entering or transitioning into cybersecurity.
Going Into 2026: What Founders and Security Leaders Need to Know (Ross Haleliuk): This industry analysis focuses on the cybersecurity market and startup ecosystem heading into 2026. Haleliuk discusses trends such as consolidation among security vendors, the growing importance of platform approaches, and the challenges security startups face in proving real value to enterprise buyers. The article is widely read by cybersecurity founders, investors, and CISOs evaluating the evolving security market.
Trump’s 2026 National Cyber Strategy: What It Actually Means (Bill McKenna): This analysis breaks down the newly released U.S. National Cyber Strategy, interpreting what it means for federal agencies, critical infrastructure sectors, and healthcare cybersecurity programs. The article emphasizes how policy changes could reshape cybersecurity funding priorities, compliance expectations, and coordination between government and private-sector defenders.