PULSE DETAIL
The post details the latest malicious activities of the Iranian threat actor group MuddyWater, also known as MERCURY. It sheds light on their evolving tactics and the introduction of a new command and control (C2) framework dubbed 'DarkBeatC2'. The report provides analysis of the group's recent campaigns, supply chain attacks, and their potential collaboration with other Iranian groups. It also explores their abuse of compromised accounts and infrastructure to conduct phishing attacks and deploy remote access tools (RATs) against Israeli organizations.
MITRE ATT&CK & Malware Families
Indicators of Compromise (30)