MuddyWater, an Iranian hacking group, has been using Chaos ransomware as a smokescreen to conceal its true intentions in recent attacks. By disguising its operations as a ransomware attack, the group aims to distract from its actual goals, which involve gaining access and establishing persistence within targeted networks. The hackers rely on social engineering, specifically targeting Microsoft Teams users, to gain an initial foothold. This approach allows them to fly under the radar, making it more challenging for security teams to detect and respond to the threat. The use of Chaos ransomware as a decoy highlights the group's sophistication and ability to adapt to evolving security measures [1]. This tactic matters to security practitioners because it underscores the importance of looking beyond the surface of an attack to identify the threat actors' true intentions and motivations, which makes operational resilience planning crucial in mitigating such threats.
MuddyWater hackers use Chaos ransomware as a decoy in attacks
⚡ High Priority
Why This Matters
Ransomware targeting Microsoft highlights sector-specific risk — operational resilience planning is the real takeaway.
References
- BleepingComputer. (2026, May 6). MuddyWater hackers use Chaos ransomware as a decoy in attacks. BleepingComputer. https://www.bleepingcomputer.com/news/security/muddywater-hackers-use-chaos-ransomware-as-a-decoy-in-attacks/