Iranian APT Intrusion Masquerades as Chaos Ransomware Attack
Likely perpetrated by MuddyWater, the attack combined social engineering, persistence, credential harvesting, and data theft.
The Iran-linked APT actor MuddyWater has been observed performing an intrusion masquerading as a ransomware attack, Rapid7 reports.
As part of the intrusion observed in early 2026, the attackers relied on social engineering for initial access and performed operations typically associated with espionage campaigns, including reconnaissance, credential harvesting, and data theft, but did not deploy file-encrypting ransomware.
The threat actors engaged with the victim organization’s employees via Microsoft Teams, establishing screen-sharing sessions for access to users’ assets. This allowed them to steal credentials, manipulate MFA protections, and compromise accounts.
Source: https://www.securityweek.com/iranian-apt-intrusion-masquerades-as-chaos-ransomware-attack/
Related breach coverage
- Iranian cyber espionage disguised as a Chaos Ransomware attack (2026-05-06)
Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption. A newly discovered cyber intrusion attributed to the Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) reveals how state-sponsored attackers are increasingly leveraging ransomware tactics to disguise espionage operations. The campaign, uncovered by security researchers at Rapid7, blended […]
- Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom (2026-05-08)
A system that thousands of schools and universities use went offline due to a cyberattack, creating chaos as students tried to study for finals.
- Claude AI Guided Hackers Toward OT Assets During Water Utility Intrusion (2026-05-07)
Dragos has published a report describing how threat actors used Claude AI in an attack on a water and drainage utility in Mexico.
- Sophisticated Quasar Linux RAT Targets Software Developers (2026-05-06)
The persistent, evasive implant provides remote access, surveillance, and credential exfiltration capabilities.
