MuddyWater uses 'false flag' ransomware in Iranian state-sponsored attacks

The Iranian state-sponsored hacking group known as MuddyWater (also known as Mango Sandstorm, Seedworm, and Static Kitten) has been implicated in a “false flag” ransomware attack, according to a report from Rapid7. This incident, observed in early 2026, shows increasing sophistication and an attempt to blur attribution by adopting cybercrime tactics.

False Flag Attack and Sophisticated Tactics

The initial attack appeared consistent with a ransomware-as-a-service (RaaS) group operating under the Chaos brand. However, evidence suggests this is a state-backed targeted attack disguised as opportunistic extortion. ...

May 6, 2026 · Comfidentia

Silver Fox Uses False Flags to Camouflage ValleyRAT Attacks on Chinese Targets

The cybercriminal group known as Silver Fox has been identified orchestrating a “false flag” operation to imitate a Russian threat group. This tactic seeks to camouflage its attacks directed at organizations in China. The SEO poisoning campaign uses Microsoft Teams lures to trick unsuspecting users into downloading a malicious installation file. This file eventually deploys ValleyRAT (Winos 4.0), a malware associated with Chinese cybercrime groups. The activity has been taking place since November 2025. ...

December 4, 2025 · Comfidentia