Boggy Serpens, also known as MuddyWater, is an Iranian threat group tracked by Unit 42 and attributed to Iran's Ministry of Intelligence and Security (MOIS). It targets diplomatic and critical infrastructure targets across the Middle East and beyond. The group has evolved from high-volume spear phishing to a more mature, persistence-focused model that relies on trusted relationship compromises: it hijacks internal accounts to bypass filters and sustain operations.
Over the last year, Boggy Serpens has expanded its target set to include the maritime, aviation and financial sectors, including a sustained four-wave campaign against a UAE-based energy and marine services company from August 2025 to February 2026. Its toolset now includes Rust-based backdoors such as BlackBeard, payload families like GhostBackDoor and Nuso, and LampoRAT, a new RAT that uses the Telegram Bot API for C2. The group has also adopted AI-assisted development.
According to Unit 42, these advancements reflect a shift toward more sophisticated implants and social engineering, underpinned by a dedicated, cross-regional cyberespionage effort. 16 March 2026.