EN
  • Cyber stability
  • Secops
  • Risks management
  • Digital transformation
  • Digital Sovereignty
  • Cybercrime
  • Industry and OT
  • Fraud
  • Digital identity
  • Cyber +
    • Iranian APT group MuddyWater used Chaos ransomware as cover

    Iranian APT group MuddyWater used Chaos ransomware as cover

    Written by
    The Editorial Team
    05.11.26
    Cyber stability
    01
    MIN
    Iranian APT group MuddyWater used Chaos ransomware as cover
    Iranian APT group MuddyWater used Chaos ransomware as cover
    Iranian APT group MuddyWater used Chaos ransomware as cover
    Image Is the Cybersecurity World Heading Toward Its Own SaaSpocalypse?
    Cyber stability
    05.06.26 Cyber stability
    Next article
    Is the Cybersecurity World Heading Toward Its Own SaaSpocalypse?
    Read
    09
    MIN
    Image Mythos: Pandora's Box or Marketing Stunt?
    Cyber stability
    04.27.26 Cyber stability
    Next article
    Mythos: Pandora’s Box or Marketing Stunt?
    Read
    09
    MIN
    Image Facing Digital Dependence: Europe’s Wake-Up Call?
    Cyber stability
    04.13.26 Cyber stability
    Next article
    Facing Digital Dependence: Europe’s Wake-Up Call?
    Read
    08
    MIN
    Image Microsoft Seeks to Strengthen Data Center Protection Against Bombings
    Cyber stability
    04.10.26 Cyber stability
    Next article
    Microsoft Seeks to Strengthen Data Center Protection Against Bombings
    Read
    01
    MIN
    The cybercriminals used this smokescreen to conduct a cyberespionage operation and steal strategic data.

    Cybersecurity company Rapid7 published a report on May 6, 2026, about a cyberattack apparently carried out by the Chaos ransomware gang, but ultimately attributed to the Iranian APT group MuddyWater. Researchers provided no details about the victim of the operation. However, they established that MuddyWater, a group linked to Iran’s Ministry of Intelligence and Security (MOIS), had conducted the attack for cyberespionage purposes and to steal strategic data.

    According to Alexandra Blia and Ivan Feigl, cybersecurity researchers at Rapid7, the use of Chaos “reflects a continued effort to conceal the objectives of operations and complicate attribution.” “MuddyWater’s increased activity since the beginning of 2026, particularly in cyberespionage and in preparing disruptive actions against Western and Middle Eastern networks, has likely led to greater use of false-flag operations,” the two experts added.

    Active since February 2025, Chaos is believed to be an offshoot of the now-defunct BlackSuit and Royal groups. In 2025, researchers had already established links between MuddyWater and the Russian-speaking ransomware gang Qilin, in an attack against an Israeli company.

    The Editorial Team
    05.11.26
    Articles by the same author:
    1
    05.11.26 Cyber stability
    Ukrainian hacktivist groups BO Team and Head Mare cooperate against Russian targets
    Read
    01
    MIN
    2
    05.06.26 Cyber stability
    Australia establishes a commission of inquiry into major cyberattacks
    Read
    01
    MIN
    3
    04.29.26 Cybercrime
    Massive data breach hits Asian football two months before the World Cup
    Read
    01
    MIN
    4
    04.28.26 Digital transformation
    World, Sam Altman’s “proof of humanity,” is coming to Zoom and Tinder
    Read
    02
    MIN
    Image Is the Cybersecurity World Heading Toward Its Own SaaSpocalypse?
    Cyber stability
    05.06.26 Cyber stability
    Next article
    Is the Cybersecurity World Heading Toward Its Own SaaSpocalypse?
    Read
    09
    MIN
    Image Mythos: Pandora's Box or Marketing Stunt?
    Cyber stability
    04.27.26 Cyber stability
    Next article
    Mythos: Pandora’s Box or Marketing Stunt?
    Read
    09
    MIN
    Image Facing Digital Dependence: Europe’s Wake-Up Call?
    Cyber stability
    04.13.26 Cyber stability
    Next article
    Facing Digital Dependence: Europe’s Wake-Up Call?
    Read
    08
    MIN
    Image Microsoft Seeks to Strengthen Data Center Protection Against Bombings
    Cyber stability
    04.10.26 Cyber stability
    Next article
    Microsoft Seeks to Strengthen Data Center Protection Against Bombings
    Read
    01
    MIN
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.