MuddyWater uses 'false flag' ransomware in Iranian state-sponsored attacks
The Iranian state-sponsored hacking group known as MuddyWater (also as Mango Sandstorm, Seedworm, and Static Kitten) has been implicated in a “false flag” ransomware attack, according to a report from Rapid7. This incident, observed in early 2026, shows increasing sophistication and an attempt to blur attribution by adopting cybercrime tactics. False Flag Attack and Sophisticated Tactics The initial attack appeared consistent with a ransomware-as-a-service (RaaS) group operating under the Chaos brand. However, evidence suggests this is a state-backed targeted attack disguised as opportunistic extortion. ...