SecurityWeek
Iranian APT Intrusion Masquerades as Chaos Ransomware Attack
ATT&CK techniques detected
T1486 Data Encrypted for Impact
92%
“the access, the hackers deployed additional payloads, moved laterally through the environment, and harvested and exfiltrated information. Finally, the threat actors sent emails to multiple users for extortion, claiming to have stolen information and threatening to leak it unless …”
T1078 Valid Accounts
74%
“Iranian APT Intrusion Masquerades as Chaos Ransomware Attack. The Iran-linked APT actor MuddyWater has been observed performing an intrusion masquerading as a ransomware attack, Rapid7 reports. As part of the intrusion observed in early 2026, the attackers relied on social engin…”
T1486 Data Encrypted for Impact
46%
“Iranian APT Intrusion Masquerades as Chaos Ransomware Attack. The Iran-linked APT actor MuddyWater has been observed performing an intrusion masquerading as a ransomware attack, Rapid7 reports. As part of the intrusion observed in early 2026, the attackers relied on social engin…”
Summary
Likely perpetrated by MuddyWater, the attack combined social engineering, persistence, credential harvesting, and data theft.
The post Iranian APT Intrusion Masquerades as Chaos Ransomware Attack appeared first on SecurityWeek.