APT / THREAT GROUP · 💰 FINANCIAL · HIGH
Chaos
6 aliases
Last seen: Mar 17, 2026
Intelligence Profile
Multi-functional malware written in Go, targeting both Linux and Windows, evolved from elf.kaiji.
Threat Analysis
Chaos is a high-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primarily financial motivation.
Financially motivated threat actors like Chaos prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
With high sophistication, Chaos is capable of targeted intrusions using adapted commodity tools alongside custom implants, maintaining operational security and evading standard detection mechanisms.
Intelligence Reports Mentioning Chaos
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
The Hacker News · May 25, 2026
Researchers left AI agents alone in a virtual town and watched it all unravel
Malwarebytes Labs · May 21, 2026
Deal Reached With Hackers to Delete Data Stolen From the Canvas Educational Platform
SecurityWeek · May 12, 2026
Cyberattack Hits Canvas System Used by Thousands of Schools as Finals Loom
SecurityWeek · May 8, 2026
Iranian government hackers using Chaos ransomware as cover, researchers say
The Record · May 7, 2026
MuddyWater hackers use Chaos ransomware as a decoy in attacks
BleepingComputer · May 6, 2026
Iran-Linked APT Posed as Chaos Ransomware Member in Espionage Campaign
Infosecurity Magazine · May 6, 2026
Iranian APT Intrusion Masquerades as Chaos Ransomware Attack
SecurityWeek · May 6, 2026
External References
Quick Facts
Type: APT / Threat Group
Motivation: 💰 financial
Sophistication: high
Aliases: 6
Also Known As
RyukJoke, Chaos, FakeRyuk, win.chaos, Yashma, elf.chaos
External Intelligence
Malpedia: win.chaos
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.