The Infosecurity Magazine report, dated 6 March 2026, says Iranian hacking group MuddyWater is targeting US firms with a new backdoor named Dindoor, detected in a campaign that began in early February and has continued after recent US and Israeli strikes on Iran.
According to Infosecurity Magazine, the Dindoor backdoor was found on the networks of the Israeli outpost of a software company, a US bank and a Canadian non-profit organisation. It is signed with a certificate issued to “Amy Cherne” and uses Deno to execute. The researchers also observed an attempted exfiltration from the software company via Rclone to a Wasabi cloud storage bucket, though it is unclear whether this was successful.
A separate Python backdoor called Fakeset was found on a US airport's network and was signed with certificates issued to “Amy Cherne” and “Donald Gay,” the latter previously linked to MuddyWater through other malware families such as Stagecomp and Darkcomp. The backdoor certificates and malware lineage tie the activity to MuddyWater, as recognised by several security vendors, and researchers warn that other organisations could still be vulnerable.