The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on legitimate remote administration tools to commandeer targeted systems. While the nation-state group has previously employedScreenConnect, RemoteUtilities, and Syncro, anew analysisfrom Group-IB has revealed the adversary’s use of the SimpleHelp remote support software in June 2022. MuddyWater,