EN
  • Cyber stability
  • Secops
  • Risks management
  • Digital transformation
  • Digital Sovereignty
  • Cybercrime
  • Industry and OT
  • Fraud
  • Digital identity
  • Cyber +
    • Iranian APT group MuddyWater used Chaos ransomware as cover

    Iranian APT group MuddyWater used Chaos ransomware as cover

    Written by
    The Editorial Team
    05.11.26
    Cyber stability
    01
    MIN
    Iranian APT group MuddyWater used Chaos ransomware as cover
    Iranian APT group MuddyWater used Chaos ransomware as cover
    Iranian APT group MuddyWater used Chaos ransomware as cover
    Image The ECB summons European banks to discuss AI-related risks
    Cyber stability
    05.27.26 Cyber stability
    Next article
    The ECB summons European banks to discuss AI-related risks
    Read
    01
    MIN
    Image From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Cyber stability
    05.26.26 Cyber stability
    Next article
    From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Read
    05
    MIN
    Image Canada: more than 42,000 data breaches in the tax system since 2020
    Cyber stability
    05.11.26 Cyber stability
    Next article
    Canada: more than 42,000 data breaches in the tax system since 2020
    Read
    01
    MIN
    Image Ukrainian hacktivist groups BO Team and Head Mare cooperate against Russian targets
    Cyber stability
    05.11.26 Cyber stability
    Next article
    Ukrainian hacktivist groups BO Team and Head Mare cooperate against Russian targets
    Read
    01
    MIN
    The cybercriminals used this smokescreen to conduct a cyberespionage operation and steal strategic data.

    Cybersecurity company Rapid7 published a report on May 6, 2026, about a cyberattack apparently carried out by the Chaos ransomware gang, but ultimately attributed to the Iranian APT group MuddyWater. Researchers provided no details about the victim of the operation. However, they established that MuddyWater, a group linked to Iran’s Ministry of Intelligence and Security (MOIS), had conducted the attack for cyberespionage purposes and to steal strategic data.

    According to Alexandra Blia and Ivan Feigl, cybersecurity researchers at Rapid7, the use of Chaos “reflects a continued effort to conceal the objectives of operations and complicate attribution.” “MuddyWater’s increased activity since the beginning of 2026, particularly in cyberespionage and in preparing disruptive actions against Western and Middle Eastern networks, has likely led to greater use of false-flag operations,” the two experts added.

    Active since February 2025, Chaos is believed to be an offshoot of the now-defunct BlackSuit and Royal groups. In 2025, researchers had already established links between MuddyWater and the Russian-speaking ransomware gang Qilin, in an attack against an Israeli company.

    The Editorial Team
    05.11.26
    Articles by the same author:
    1
    06.10.26 Cyber +
    Canada: Artificial Intelligence as a Pillar of Digital Sovereignty
    Read
    02
    MIN
    2
    06.08.26 Cybercrime
    According to the Five Eyes, Chinese spies are using job sites to recruit insiders
    Read
    02
    MIN
    3
    06.04.26 Cyber +
    Russia accuses foreign intelligence services of hacking the phones of senior officials
    Read
    01
    MIN
    4
    06.04.26 Secops
    Palo Alto Networks announced on June 2, 2026, the acquisition of Portkey, a U.S. start-up specializing in the control of autonomous AI agents.
    Read
    01
    MIN
    Image The ECB summons European banks to discuss AI-related risks
    Cyber stability
    05.27.26 Cyber stability
    Next article
    The ECB summons European banks to discuss AI-related risks
    Read
    01
    MIN
    Image From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Cyber stability
    05.26.26 Cyber stability
    Next article
    From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Read
    05
    MIN
    Image Canada: more than 42,000 data breaches in the tax system since 2020
    Cyber stability
    05.11.26 Cyber stability
    Next article
    Canada: more than 42,000 data breaches in the tax system since 2020
    Read
    01
    MIN
    Image Ukrainian hacktivist groups BO Team and Head Mare cooperate against Russian targets
    Cyber stability
    05.11.26 Cyber stability
    Next article
    Ukrainian hacktivist groups BO Team and Head Mare cooperate against Russian targets
    Read
    01
    MIN
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.