> TritonInfoSec News
Home / May 08, 2026 / Story
0
#7 The Record threat-intel May 07, 2026 at 21:30 UTC

Iranian government hackers using Chaos ransomware as cover, researchers say

AI Summary

Rapid7 incident responders uncovered that a ransomware attack initially attributed to Chaos ransomware was actually an intrusion by MuddyWater, an Iranian APT group tied to Iran's Ministry of Intelligence and Security (MOIS). The use of ransomware as operational cover marks a deceptive TTPs evolution for this threat actor, complicating attribution and incident response triage. Defenders encountering Chaos ransomware artifacts should consider nation-state involvement as part of their analysis.

Read full article → https://therecord.media/iran-government-hackers-us…

Relevance score: 80.0/100

# More from May 08

  1. 1
    PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage The Hacker News
  2. 2
    Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access The Hacker News
  3. 3
    Canvas Breach Disrupts Schools & Colleges Nationwide Krebs on Security
  4. 4
    Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions The Hacker News
  5. 5
    PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems The Hacker News
  6. 6
    Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants SecurityWeek
  7. 8
    Critical vm2 sandbox bug lets attackers execute code on hosts BleepingComputer
  8. 9
    DAEMON Tools devs confirm breach, release malware-free version BleepingComputer
  9. 10
    New TCLBanker malware self-spreads over WhatsApp and Outlook BleepingComputer