Iranian advanced persistent threat actors have been uncovered posing as members of the Chaos ransomware group in a targeted espionage campaign. This false flag operation, revealed by Rapid7, aimed to disguise the true intentions of the Iranian threat actors, who sought to compromise targeted systems without arousing suspicion. By masquerading as Chaos ransomware, the attackers attempted to create a smokescreen, obscuring their actual goals of espionage and data exfiltration. The campaign highlights the complex and evolving nature of threat actor tactics, where adversaries employ deception to achieve their objectives1. The use of false flag operations by nation-state actors underscores the importance of robust operational resilience planning, particularly in sectors that are frequently targeted by such campaigns. This incident serves as a reminder that ransomware attacks can be merely a cover for more sinister activities, making it essential for organizations to remain vigilant and proactive in their defense strategies.