A grouping of hackers called Muddled Libra has come under the spotlight for its targeting of US organizations with ransomware attacks
It uses social engineering tactics, including cold-calling workers to gain entry to victim organizations, and then hands the ransomware attack over to a ransomware-as-a-service partner.
Muddled Libra has targeted English-speaking countries and its tactics have caught the attention of the media and researchers because its “playbook is pretty consistent” and its attacks come in waves targeting specific industries.
One analyst said 50% of Muddled Libra cases in 2025 led to a DragonForce ransomware deployment and data exfiltration.
Victims of the group have also expressed concern about being singled out for attack, and say the group uses fluent English-speaking tactics to surgical select targets.
Researchers believe the group’s success could lead to other ransomware-as-a-service partners adopting similar tactics.
