Iran-Linked APT Group Seedworm Active in US Networks Since February 2026

An Iran-linked advanced persistent threat (APT) group, identified as Seedworm (also known as MuddyWater), has been active within the networks of multiple US organizations since early February 2026. The group, attributed to Iran’s Ministry of Intelligence and Security (MOIS), is deploying new backdoors in targeted operations. Researchers from Symantec and Carbon Black linked the activity to the group, which is engaged in cyber espionage. The campaign raises concerns about potential broader cyber operations amid escalating geopolitical tensions in the Middle East. No specific sectors or technical details of the backdoors were disclosed in the report.