Advanced-Persistent-Threat on Blog - Comfidentiahttps://blog.comfidentia.cl/en/tags/advanced-persistent-threat/Recent content in Advanced-Persistent-Threat on Blog - ComfidentiaHugoenWed, 06 May 2026 00:00:00 +0000MuddyWater uses 'false flag' ransomware in Iranian state-sponsored attackshttps://blog.comfidentia.cl/en/2026/05/06/muddywater-utiliza-falsa-bandera-de-ransomware-en-ataques-patrocinados-por-el-estado-irani/Wed, 06 May 2026 00:00:00 +0000https://blog.comfidentia.cl/en/2026/05/06/muddywater-utiliza-falsa-bandera-de-ransomware-en-ataques-patrocinados-por-el-estado-irani/<p><img alt="Hacking group using Microsoft Teams to attacks" loading="lazy" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVjDsxh9wAjgeuY-DR1pNCwLSXG-x4vStK9pXlZHOGorecolrG32u587NfG2hbhOnTNCS-RbgshrxzTEFECXOjjzYCeDxZFqFDHvzrekLKuvnBtIT7WW82tpEwd-Sr18pt-7Xb-5A2sTtbS1SaPTA_UK7UcSeDCBNiGmYa2vkqzekkU7WrNZCZzlrZKmUK/s1600/overview.jpg"></p> <p>The Iranian state-sponsored hacking group known as MuddyWater (also as Mango Sandstorm, Seedworm, and Static Kitten) has been implicated in a &ldquo;false flag&rdquo; ransomware attack, according to a report from Rapid7. This incident, observed in early 2026, shows increasing sophistication and an attempt to blur attribution by adopting cybercrime tactics.</p> <h2 id="false-flag-attack-and-sophisticated-tactics">False Flag Attack and Sophisticated Tactics</h2> <p>The initial attack appeared consistent with a ransomware-as-a-service (RaaS) group operating under the Chaos brand. However, evidence suggests this is a state-backed targeted attack disguised as opportunistic extortion.</p>