Blog | G5 Cyber Security

MuddyWater APT’s BlackWater Campaign Installs Backdoor on Victims’ PCs

Researchers discovered a BlackWater malware campaign that is suspected to be associated with the well-known MuddyWater APT. The campaign bypasses security controls and installs a backdoor on victims’ PCs. The threat actors applied many tactics within it to improve operational security and avoid endpoint detection. They used an obfuscated VBA script to establish the persistence mechanism, and the VBA script triggered a PowerShell stager, which is also a way to masquerade as a red-teaming tool.

Source: https://gbhackers.com/muddywater-apts-blackwater/
