Rapid7: Hackers Use Microsoft Teams to Steal Credentials and Manipulate MFA

Iranian APT MuddyWater Deploys Chaos Ransomware as False Flag in Espionage Campaign

In early 2026, cybersecurity firm Rapid7 uncovered a sophisticated hybrid espionage campaign orchestrated by the Iranian Advanced Persistent Threat (APT) group MuddyWater (also known as Mango Sandstorm, Seedworm, or Static Kitten), affiliated with Iran’s Ministry of Intelligence and Security (MOIS). Initially appearing as a Chaos ransomware attack, a financially motivated operation, the intrusion was later revealed to be a false flag designed to mask state-sponsored intelligence-gathering efforts.

Attack Vector & Tactics

The campaign began with unsolicited Microsoft Teams messages sent to employees, often impersonating IT support. Attackers engaged victims in interactive screen-sharing sessions, instructing them to:

  • Enter credentials into locally created files (credentials.txt, cred.txt).
  • Add attacker-controlled devices to their MFA configurations.
  • Execute discovery commands (ipconfig /all, whoami, net start).

This technique exploited Teams’ trusted environment to bypass traditional security controls, a tactic observed in multiple 2026 campaigns, including a large-scale credential theft operation documented by Microsoft Defender Research in March.

Post-Compromise Activity

After harvesting credentials, the threat actor:

  • Authenticated to Domain Controllers using stolen accounts.
  • Deployed DWAgent and AnyDesk for persistent remote access.
  • Delivered a custom downloader (ms_upd.exe) from a command-and-control (C2) server (172.86.126[.]208:443), which registered victims with the domain moonzonet[.]com.
  • Installed Game.exe, a Remote Access Trojan (RAT) disguised as a legitimate Microsoft WebView2 application, enabling:
    • Arbitrary command execution (via cmd.exe or encoded PowerShell).
    • Chunked file uploads and interactive shell access.
    • Sandbox and virtual machine detection.
    • AES-256-GCM encrypted configuration storage (though critical strings remained in plaintext).
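As an added defensive example (not code from the Rapid7 report or from this page), the following Python correlates constructed sample telemetry to flag the chain described in the Attack Vector and Post-Compromise sections: an incoming Teams screen-sharing session followed, for the same user and within an hour, by an MFA method registration or a DWAgent/AnyDesk process start. The event names, tuple layout, sample values and the one-hour window are assumptions standing in for real Teams, identity-provider audit and EDR feeds.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry (not from the Rapid7 report). Each tuple is
# (timestamp, user, host, event_type, detail); the event names are assumed
# stand-ins for Teams, MFA audit and endpoint process telemetry.
SAMPLE_EVENTS = [
    ("2026-03-02T09:00:00", "alice", "WS01", "teams_external_message", "it-support (external tenant)"),
    ("2026-03-02T09:05:00", "alice", "WS01", "teams_screen_share", "incoming"),
    ("2026-03-02T09:12:00", "alice", "WS01", "mfa_method_registered", "Authenticator app"),
    ("2026-03-02T09:20:00", "alice", "WS01", "process_start", "DWAgent"),
    ("2026-03-02T10:40:00", "bob", "WS02", "mfa_method_registered", "Phone sign-in"),
    ("2026-03-02T11:00:00", "carol", "WS03", "teams_screen_share", "incoming"),
]

# Remote access tools the campaign used for persistence (DWAgent, AnyDesk).
REMOTE_ACCESS_TOOLS = {"dwagent", "anydesk"}
WINDOW = timedelta(hours=1)  # assumed correlation window


def detect_teams_mfa_chain(events, window=WINDOW):
    """Return alerts for users whose MFA enrollment or remote-tool start
    follows an incoming Teams screen-sharing session within `window`."""
    by_user = {}
    for ts, user, host, kind, detail in events:
        by_user.setdefault(user, []).append((datetime.fromisoformat(ts), host, kind, detail))

    alerts = []
    for user, evs in by_user.items():
        evs.sort()  # chronological order per user
        share_times = [t for t, _, kind, _ in evs if kind == "teams_screen_share"]
        for t, host, kind, detail in evs:
            suspicious = kind == "mfa_method_registered" or (
                kind == "process_start" and detail.lower() in REMOTE_ACCESS_TOOLS
            )
            if not suspicious:
                continue
            # Only a screen share that happened shortly BEFORE this event counts;
            # an MFA change with no preceding session (bob) stays a normal event.
            if any(timedelta(0) <= (t - s) <= window for s in share_times):
                alerts.append({"user": user, "host": host, "event": kind,
                               "detail": detail, "time": t.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect_teams_mfa_chain(SAMPLE_EVENTS):
        print(alert)
```

On the constructed sample only alice is flagged, twice: once for the MFA registration and once for the DWAgent start, both within minutes of the incoming screen share.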

False Flag & Attribution

The use of Chaos ransomware, a RaaS known for double-extortion tactics, was a deliberate misdirection. MuddyWater’s true objective was data exfiltration and long-term persistence, not financial gain. Key attribution evidence included:

  • A code-signing certificate (Donald Gay, thumbprint B674578D4BDB24CD58BF2DC884EAA658B7AA250C) previously linked to MuddyWater’s Operation Olalampo (2026).
  • The C2 domain moonzonet[.]com, tied to prior MuddyWater activity targeting U.S. and MENA organizations.
  • Python-based process injection (pythonw.exe), a hallmark of the group’s toolkit.
  • Teams-based MFA harvesting, consistent with MuddyWater’s 2026 social engineering patterns.

Impact & Targets

The campaign primarily targeted Western organizations, including those in the U.S. and MENA region. By framing the attack as ransomware, MuddyWater diverted attention from its espionage objectives, allowing persistent access via DWAgent, AnyDesk, and the Game.exe RAT.

Chaos ransomware, which emerged in 2025 as a successor to BlackSuit, has claimed 36 victims as of March 2026, predominantly in construction, manufacturing, and business services. MuddyWater’s adoption of this brand aligns with its 2025 use of Qilin RaaS in a similar false-flag operation.

Key Indicators of Compromise (IOCs)

{
  "id": "RAP1778084674",
  "linkid": "rapid7",
  "type": "Cyber Attack",
  "date": "3/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}

{
  "affected_entities": [
    {
      "industry": ["Construction", "Manufacturing", "Business Services", "Western and MENA region entities"],
      "location": ["U.S.", "MENA"],
      "type": "Organizations"
    }
  ],
  "attack_vector": "Unsolicited Microsoft Teams messages with interactive screen-sharing sessions",
  "data_breach": {
    "data_encryption": "AES-256-GCM (for RAT configuration)",
    "data_exfiltration": true,
    "file_types_exposed": ["credentials.txt", "cred.txt"],
    "personally_identifiable_information": true,
    "sensitivity_of_data": "High (PII, internal communications)",
    "type_of_data_compromised": ["Credentials", "Organizational intelligence"]
  },
  "date_detected": "2026-01-01",
  "description": "In early 2026, cybersecurity firm Rapid7 uncovered a sophisticated hybrid espionage campaign orchestrated by the Iranian Advanced Persistent Threat (APT) group MuddyWater (also known as Mango Sandstorm, Seedworm, or Static Kitten), affiliated with Iran’s Ministry of Intelligence and Security (MOIS). Initially appearing as a Chaos ransomware attack—a financially motivated operation—the intrusion was later revealed to be a false flag designed to mask state-sponsored intelligence-gathering efforts.",
  "impact": {
    "data_compromised": "Credentials, sensitive organizational data",
    "identity_theft_risk": "High (PII exposure)",
    "operational_impact": "Persistent remote access, data exfiltration",
    "systems_affected": ["Domain Controllers", "Endpoints with DWAgent/AnyDesk"]
  },
  "initial_access_broker": {
    "backdoors_established": ["DWAgent", "AnyDesk", "Game.exe RAT"],
    "entry_point": "Microsoft Teams (social engineering)",
    "high_value_targets": "Domain Controllers, privileged accounts"
  },
  "investigation_status": "Ongoing",
  "lessons_learned": "MuddyWater leveraged trusted platforms (Microsoft Teams) for credential harvesting and MFA bypass, demonstrating the need for heightened scrutiny of interactive sessions and MFA enrollment changes.",
  "motivation": ["Espionage", "Intelligence Gathering"],
  "post_incident_analysis": {
    "corrective_actions": [
      "Implement strict MFA enrollment policies",
      "Enhance monitoring for Teams-based attacks",
      "Deploy behavioral analytics for RAT detection"
    ],
    "root_causes": [
      "Exploitation of trusted platforms (Teams) for social engineering",
      "Lack of MFA enrollment controls",
      "Delayed detection of RAT persistence"
    ]
  },
  "ransomware": {
    "data_exfiltration": true,
    "ransomware_strain": "Chaos Ransomware (false flag)"
  },
  "recommendations": [
    "Monitor unsolicited Teams messages and screen-sharing requests.",
    "Restrict MFA device enrollment to authorized personnel only.",
    "Deploy EDR/XDR solutions to detect RATs like Game.exe.",
    "Hunt for DWAgent/AnyDesk persistence mechanisms.",
    "Validate code-signing certificates for unusual issuers (e.g., 'Donald Gay')."
  ],
  "references": [{"source": "Rapid7"}, {"source": "Microsoft Defender Research"}],
  "response": {"third_party_assistance": "Rapid7 (cybersecurity firm)"},
  "threat_actor": "MuddyWater (Mango Sandstorm, Seedworm, Static Kitten)",
  "title": "Iranian APT MuddyWater Deploys Chaos Ransomware as False Flag in Espionage Campaign",
  "type": ["Espionage", "False Flag Ransomware"],
  "vulnerability_exploited": "Social engineering (MFA bypass via Teams screen-sharing)"
}