The Threat CodexMay 6
Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware
#ChaosRaaSGroup #MuddyWater
https://www.rapid7.com/blog/post/tr-muddying-tracks-state-sponsored-shadow-behind-chaos-ransomware/
Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware

In early 2026, a sophisticated intrusion initially appearing to be a standard Chaos ransomware attack was assessed to be consistent with a targeted state-sponsored operation. While the threat actor operated under the banner of the Chaos ransomware-as-a-service (RaaS) group, forensic analysis revealed the incident was a "false flag" masquerade.

Rapid7
The Threat CodexJul 29, 2025
Unmasking the new Chaos RaaS group attacks
#ChaosRaaSGroup
https://blog.talosintelligence.com/new-chaos-ransomware/
Unmasking the new Chaos RaaS group attacks

Cisco Talos Incident Response (Talos IR) recently observed attacks by Chaos, a relatively new ransomware-as-a-service (RaaS) group conducting big-game hunting and double extortion attacks.

Cisco Talos Blog