• Iranian hackers launch ransomware campaign looking to steal detai

    From TechnologyDaily@1337:1/100 to All on Thursday, May 07, 2026 17:00:44
    Iranian hackers launch ransomware campaign looking to steal details via Microsoft Teams

    Date:
    Thu, 07 May 2026 15:45:00 +0000

    Description:
    An espionage campaign was concealed behind a ransomware attack by a
    commercial actor.

    FULL STORY ======================================================================

    - Iranian APT MuddyWater posed as IT staff via Microsoft Teams, tricking victims into granting remote access
    - They deployed infostealers, altered MFA, exfiltrated data, and staged a Chaos ransomware infection as cover
    - Researchers concluded the true motive was espionage, not profit, highlighting state-sponsored tradecraft overlap with criminal tactics

    Iranian state-sponsored hackers ran a cyber-espionage campaign, and then tried to throw investigators off track with a ransomware infection, experts have warned.

    An investigation into a recent attack by security researchers at Rapid7 found that an unnamed victim was approached via Microsoft Teams by someone from outside their organization. They posed as IT technicians, discussed solving a technical problem with the victim, and managed to get them to install and run an AnyDesk session. After getting remote access, they deployed different malware and infostealer variants, harvesting credentials and modifying multi-factor authentication (MFA) settings, establishing persistence, and exfiltrating sensitive information from the now-compromised endpoints.

    MuddyWater behind the attacks

    The final move was to deploy the Chaos ransomware encryptor. Chaos is a relatively new RaaS operation, first observed in 2025 and known for targeting large entities, double-extortion tactics, and social engineering.

    The majority of their victims are located in the United States. The victim of this attack was even added to the Chaos data leak site, making it all look as if this was, indeed, a ransomware attack.

    However, Rapid7 can't be fooled. After analyzing the techniques, code-signing certificates, and other operational tradecraft, the researchers determined - with moderate confidence - that this was in fact the work of MuddyWater, a threat actor also known as Static Kitten, Mango Sandstorm, and Seedworm.

    The strategy highlights the convergence between state-sponsored intrusion activity and criminal tradecraft, where a big tell lies in the techniques
    that were deployed - and those that weren't. This strategy suggests the
    primary goal was not financial gain, Rapid7 said in its report.

    MuddyWater is apparently on the payroll of the Iranian Ministry of Intelligence and Security (MOIS). The Iranian government has multiple hacking collectives doing its bidding, which is mostly cyber-espionage and data harvesting. These include CyberAv3ngers, APT35 (AKA Charming Kitten), and APT 34 (AKA OilRig or Helix Kitten).

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/iranian-hackers-launch-ransomware-campaign-looking-to-steal-details-via-microsoft-teams


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)