UNCLASSIFIED // FOR PUBLIC RELEASEINTELLIGENCE BRIEFING ACTIVESPYWITNESS NEWS
INTELLIGENCE REPORT
SPYWITNESS
NEWS & ANALYSIS
ESTABLISHED 2023
▌ LIVE INTELLIGENCE FEED
▌ OPERATIONAL SECTOR

Cyber and Information Warfare

2 BRIEFS FILED
THREAT ASSESSMENT // MOIS OPERATIONS

MuddyWater Deploys Chaos Ransomware as MOIS Espionage Cover: Iran Escalates Dual-Use Cyber Operations

Available reporting indicates Iranian state-sponsored actor MuddyWater has deployed Chaos ransomware in operations assessed with moderate confidence as intelligence collection campaigns using destructive malware as cover, marking a tactical evolution in how Iran's Ministry of Intelligence and Security conducts espionage under commercial-crime deniability.

MODERATECyber and Information Warfare26 MAY 2026
CYBER-INTEL // TIER 1 THREAT

Salt Typhoon Breaches IBM Italy Subsidiary: China's Telecom Espionage Reaches European Infrastructure

China's Salt Typhoon APT group has extended its telecommunications espionage campaign to European infrastructure, with an IBM subsidiary in Italy assessed with high confidence to have been accessed for approximately two weeks before detection — the first confirmed Salt Typhoon foothold on Italian soil.

HIGH CONFIDENCECyber and Information Warfare26 MAY 2026