Iranian Cyber Threat Group Drops New Backdoor, 'BugSleep'
The group — which has targeted Israel, Saudi Arabia, and other nations — often uses spear phishing and legitimate remote management tools but is developing a brand-new homegrown toolset.
Stay updated on the latest backdoor threats in cybersecurity. Discover news, analysis, and insights on covert access vulnerabilities.
Search across headline titles and summaries.
Background for this topic.
A backdoor is a hidden method within software or hardware that allows bypassing normal authentication to access a system or network. These can be intentionally created by developers for maintenance or debugging but are frequently exploited or implanted by attackers to maintain unauthorized, persistent access. Backdoors often appear as undocumented commands, hidden user accounts, or covert network services designed to evade detection.
In cybersecurity, backdoors enable attackers to circumvent security controls, increasing the risk of prolonged system compromise and data exposure. Detecting backdoors requires careful code review, monitoring for unusual system behavior, and verifying integrity through trusted baselines. Identifying backdoor indicators in malware or attacker infrastructure is critical for limiting unauthorized access and reducing attacker dwell time within networks. Defensive measures focus on eliminating hidden access points and strengthening authentication mechanisms.
The group — which has targeted Israel, Saudi Arabia, and other nations — often uses spear phishing and legitimate remote management tools but is developing a brand-new homegrown toolset.
The Iranian APT group has shifted away from using legitimate remote monitoring tools to compromise its victims
Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server
The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent attack campaign, shifting away from its well-known tactic of deploying legitimate remote monitoring and management (RMM) software for maintaining persistent access