
Iran-Linked APT Group Uses Deception in Espionage Campaign
Cybersecurity firm Rapid7 identified an Iran-linked advanced persistent threat (APT) group conducting an espionage campaign by impersonating a member of the Chaos ransomware operation. The threat actor used this false flag tactic to obscure its origins while targeting organizations, though specific victims or sectors were not disclosed. The campaign leveraged Chaos ransomware-associated tools and infrastructure, but no actual ransomware deployment or financial extortion was observed, indicating a focus on intelligence gathering. No technical indicators, CVE IDs, or exact dates were provided in the report. The operation highlights the use of deception to mislead attribution efforts. The findings were published by Infosecurity Magazine.