
Iranian MuddyWater APT Group Disguises Espionage Operations as Cybercrime Using Chaos Ransomware
The Iranian state-sponsored Advanced Persistent Threat (APT) group MuddyWater has been identified conducting geopolitical espionage operations while disguising its activities as cybercrime through the use of ransomware-as-a-service (RaaS), specifically Chaos ransomware. The group, affiliated with the Iranian government, exploited cybercrime ecosystems to mask its intelligence gathering and to prepare for future offensive cyber operations. This activity demonstrates the dissolving boundaries between cybercrime and state-sponsored cyberwarfare. No specific technical details, dates, or impacted entities were disclosed in the report.