Iranian government hackers using Chaos ransomware as cover, researchers say

Thursday, May 7, 2026 at 09:30 PM UTC·Source: The Record

Updated: Thursday, May 7, 2026 at 10:01 PM UTC

Executive Summary

Incident responders from cybersecurity firm Rapid7 published a report about a recent intrusion that initially appeared to be a Chaos ransomware attack but was later discovered to be an attack attributed to MuddyWater, an Iranian APT group tied to the country’s Ministry of Intelligence and Security (MOIS).

Analysis

Source Attribution

Originally published by The Record on May 7, 2026.

Related Threats

CRITICALRansomware

The Dark Side of Efficiency: When Network Controllers Become "God Mode" for Attackers

Imagine you build a massive corporate campus with every security control money can buy. Blast resistant doors. Biometric scanners. Guards at every entrance. Maybe something similar to the infamous Death Star. On paper, it looks fantastic. Then, somewhere along the way, somebody decides the maintenance team needs a universal key that opens every door in the building without setting off any alarms.

CVE-2026-20182CVE-2026-20127

6h agoRapid7

HIGHRansomware

Major tech manufacturer Foxconn confirms cyberattack hit North American factories

The ransomware group Nitrogen claimed responsibility for the attack and said it stole 8 terabytes of data spanning more than 11 million files belonging to the company’s top customers. The post Major tech manufacturer Foxconn confirms cyberattack hit North American factories appeared first on CyberScoop .

8h agoCyberScoop

HIGHRansomware

Foxconn Attack Highlights Manufacturing's Cyber Crisis

A Nitrogen ransomware attack on Foxconn's North American facilities is one of 600 hits on manufacturers this year, as gangs increasingly target the sector for its low tolerance for downtime.

10h agoDark Reading