MuddyWater APT Used RaaS for Cyber Espionage Campaign

Pulse ID: 6a09ae6a0a2c2feb589cb316
Pulse Link: https://otx.alienvault.com/pulse/6a09ae6a0a2c2feb589cb316
Pulse Author: cryptocti
Created: 2026-05-17 12:02:50

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #Espionage #InfoSec #MuddyWater #OTX #OpenThreatExchange #RaaS #bot #cryptocti

📰 Iranian APT MuddyWater Masquerades as Ransomware Group in Microsoft Teams-Based Espionage Campaign

⚠️ Iranian APT MuddyWater targets orgs via Microsoft Teams, posing as a ransomware group. The real goal: espionage & data theft. Attackers trick users in screen-shares to steal credentials, bypassing MFA. #MuddyWater #CyberEspionage #ThreatIntel

🔗 https://cyber.netsecops.io/articles/iranian-apt-muddywater-uses-microsoft-teams-for-false-flag-ransomware-attacks/?utm_sour…

Iranian Hackers Target Electronics Maker in Global Espionage Push

Iran-linked hackers, known as MuddyWater, infiltrated a major South Korean electronics manufacturer's network for a week in February 2026, as part of a massive global cyber-espionage campaign targeting nine high-profile organizations across multiple sectors and countries.

https://osintsights.com/iranian-hackers-target-electronics-maker-in-global-espionage-push?utm_source=mastodon&utm_medium=social

#Muddywater #Seedworm #CyberEspionage #DllSideloading #Chromelevator

MuddyWater uses Chaos ransomware as a false flag: Iran disguises state espionage as cybercrime

The Iranian APT group MuddyWater conducted a cyber-espionage operation disguised as a Chaos ransomware attack. Rapid7 reveals how Microsoft Teams was used to steal credentials and bypass MFA, with the real objective being data exfiltration and long-term persistence, not financial extortion.

https://insicurezzadigitale.com/muddywater-usa-il-ransomware-chaos-come-falsa-bandiera-liran-maschera-lo-spionaggio-di-stato-da-cybercrime/

MuddyWater hackers use Chaos ransomware as a decoy in attacks

The MuddyWater Iranian hackers disguised their operations as a Chaos ransomware attack, relying on Microsoft Teams social engineering to gain access and establish persistence.

BleepingComputer

Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware

In early 2026, a sophisticated intrusion initially appearing to be a standard Chaos ransomware attack was assessed to be consistent with a targeted state-sponsored operation. While the threat actor operated under the banner of the Chaos ransomware-as-a-service (RaaS) group, forensic analysis revealed the incident was a "false flag" masquerade.

Rapid7

MuddyWater Exploits Microsoft Teams in False Flag Ransomware Attacks

MuddyWater hackers are impersonating Chaos ransomware affiliates, using clever social engineering tactics via Microsoft Teams to steal credentials and gain access to sensitive systems. Their sophisticated campaign involves interactive screen-sharing and manipulation of multi-factor authentication.

https://osintsights.com/muddywater-exploits-microsoft-teams-in-false-flag-ransomware-attacks?utm_source=mastodon&utm_medium=social

#Muddywater #MicrosoftTeams #RansomwareAttacks #MfaBypass #FalseFlag
