
Remote Access Tools | Breaking Cybersecurity News | The Hacker News

Category — Remote Access Tools
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack


May 06, 2026 Ransomware / Cybercrime
The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a "false flag" operation. The attack, observed by Rapid7 in early 2026, has been found to leverage social engineering techniques via Microsoft Teams to initiate the infection sequence. Although the incident initially appeared to be consistent with a ransomware-as-a-service (RaaS) group operating under the Chaos brand, evidence points to it being a targeted state-backed attack that masquerades as opportunistic extortion. "The campaign was characterized by a high-touch social engineering phase conducted via Microsoft Teams, where the attackers utilized interactive screen-sharing to harvest credentials and manipulate multi-factor authentication (MFA)," Rapid7 said in a report shared with The Hacker News. "Once inside, the group bypassed traditional ransomware workflows, for...
Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth’s Stealth Phishing Campaign


May 27, 2025 Data Breach / Social Engineering
The U.S. Federal Bureau of Investigation (FBI) has warned of social engineering attacks mounted by a criminal extortion actor known as Luna Moth targeting law firms over the past two years. The campaign leverages "information technology (IT) themed social engineering calls, and callback phishing emails, to gain remote access to systems or devices and steal sensitive data to extort the victims," the FBI said in an advisory. Luna Moth, also called Chatty Spider, Silent Ransom Group (SRG), Storm-0252, and UNC3753, is known to have been active since at least 2022, primarily employing a tactic called callback phishing or telephone-oriented attack delivery (TOAD) to trick unsuspecting users into calling phone numbers listed in benign-looking phishing emails related to invoices and subscription payments. It's worth mentioning here that Luna Moth refers to the same hacking crew that previously carried out BazarCall (aka BazaCall) campaigns to deploy ransomware like Conti. The ...