An Iranian state-sponsored espionage group is pretending to be a regular ransomware gang in a new wave of ransomware attacks targeting enterprises.
APT group MuddyWater (aka Seedworm) is masquerading as the Chaos ransomware-as-a-service group to confuse incident response and mask its spying and cyber-sabotage, according to research by security vendor Rapid7.
The attacks — geared toward stealing data rather than encrypting it — typically involve social engineering through messaging platforms such as Microsoft Teams. More specifically, the attackers utilized interactive screensharing to harvest credentials and manipulate multifactor authentication (MFA).
The attackers gained long-term persiste...