Private and governmental organizations in Türkiye are being targeted by the Iranian-backed APT group MuddyWater.
This group has around since at least 2017, and has been known to target Austria, Iran, Saudi Arabia, and Türkiye. As usual, MuddyWater is using spear-phishing to spread malicious documents or executables; this campaign relies on PDFs that appear to originate from the Turkish Health or Interior Ministries. These establish persistence in compromised networks and subsequently lead to delivery of further malware.
Acronis Cyber Protect's advanced behavioral detection capabilities identify and block cyberthreats of all forms, including documents with malicious macros, and stop them from delivering more malware.