MS Teams phishing masks espionage campaign

Cybersecurity investigators have linked a Microsoft Teams-based credential theft operation to MuddyWater, the state-sponsored threat group associated with Iran’s intelligence apparatus, after an intrusion first presented itself as an ordinary Chaos ransomware attack.

The operation, detected in early 2026 and detailed this week, shows how trusted workplace collaboration tools are being turned into entry points for espionage. Attackers used Teams chats and screen-sharing sessions to trick employees into handing over credentials, assisting with multi-factor authentication approvals and granting access that later enabled reconnaissance, persistence and data theft.

The case stands out because the attackers appeared to borrow the branding and methods of the Chaos ransomware-as-a-service ecosystem while avoiding the central feature of a conventional ransomware operation: file encryption. That absence has sharpened concerns that the ransomware layer was used mainly as cover, giving the attackers plausible deniability and distracting defenders from a deeper intelligence-gathering mission.

MuddyWater, also tracked as Seedworm, Mango Sandstorm and Static Kitten, has long been associated with cyber-espionage activity targeting Western and Middle Eastern organisations. The group has used a mix of custom malware, compromised infrastructure and legitimate administration tools to gain access, move inside networks and maintain persistence. Its suspected connection to Iran’s Ministry of Intelligence and Security has made its activity a recurring concern for governments, critical sectors and private enterprises.

The intrusion began with external Teams chat requests to employees. The attackers posed as trusted support contacts and moved the conversation into interactive screen-sharing. Once a target was engaged, they guided the victim through actions that exposed credentials and weakened the value of MFA controls. At least one employee was instructed to type credentials into a locally created text file, while remote management tools such as AnyDesk and DWAgent were deployed to maintain access.

After gaining entry through legitimate user accounts, the attackers carried out basic discovery, reviewed VPN-related files and used remote desktop connections to download malicious executables. A file identified as ms_upd.exe initiated a multi-stage infection chain that delivered additional components, including a custom remote access trojan disguised as a Microsoft WebView2 application. The malware, identified in analysis as Game.exe or Darkcomp, was built to poll command-and-control infrastructure roughly every minute, receive commands, execute PowerShell, manipulate files and open interactive command shells.

Technical clues strengthened the attribution to MuddyWater but did not turn it into a definitive finding. A code-signing certificate associated with the name “Donald Gay” had been used in earlier malware linked to the same cluster. Command-and-control infrastructure also overlapped with activity tied to MuddyWater operations aimed at Israeli and Western targets. The use of pythonw.exe to inject code into suspended processes added another element consistent with the group’s known tradecraft.

Chaos ransomware provided the deceptive framing. The ransomware-as-a-service operation emerged in 2025 and has focused on high-value targets, particularly in the United States. Its operators have relied on social engineering, IT support impersonation, spam floods, voice phishing and remote access tools. The group has also been associated with double, triple and even quadruple extortion tactics, including data leak threats, distributed denial-of-service pressure and attempts to contact customers or competitors.

By late March 2026, Chaos had claimed 36 victims on its leak site, with construction, manufacturing and business services among the main sectors affected. Ransom demands linked to the group have reached hundreds of thousands of dollars. Those features made it a useful disguise for a state-backed actor seeking to blur the line between criminal extortion and intelligence work.

The Teams angle reflects a broader shift in phishing and intrusion tactics. Attackers are moving beyond email inboxes into real-time collaboration platforms, where employees are conditioned to respond quickly to messages from colleagues, partners and support staff. External tenant messaging, guest collaboration and “chat with anyone” functions can be exploited when organisations leave them broadly enabled without strong monitoring.
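As an added example that is not part of the original article, the Microsoft Teams PowerShell commands below show the broadly open external-access posture the paragraph warns about next to a restricted one. They assume the MicrosoftTeams module and a Teams administrator session; the partner domains, user address and policy name are hypothetical.

```powershell
# Added example (not from the article). Assumes the MicrosoftTeams PowerShell
# module and an account with Teams administrator rights.
Import-Module MicrosoftTeams
Connect-MicrosoftTeams

# Step 1: read the current tenant-wide external access (federation) settings.
# An open posture is AllowFederatedUsers = True with no AllowedDomains entries
# (any Microsoft 365 tenant may start a chat with your staff) plus
# AllowTeamsConsumer = True (personal Teams accounts may start a chat too).
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains, BlockedDomains,
                  AllowTeamsConsumer, AllowTeamsConsumerInbound, AllowPublicUsers

# Step 2: the weak setting, shown commented out for contrast only. This is the
# posture an attacker posing as "external support" relies on.
# Set-CsTenantFederationConfiguration -AllowFederatedUsers $true `
#     -AllowTeamsConsumer $true -AllowTeamsConsumerInbound $true

# Step 3: the corrected setting. Federation stays on, but only for named partner
# tenants (hypothetical domains), and consumer Teams / Skype accounts are cut off.
$partnerDomains = @("partner-one.example", "partner-two.example")
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true `
    -AllowedDomainsAsAList $partnerDomains
Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false `
    -AllowTeamsConsumerInbound $false -AllowPublicUsers $false

# Step 4: a per-user policy for staff who never need to chat with other tenants
# (finance, HR). Policy name and user address are hypothetical.
New-CsExternalAccessPolicy -Identity "NoExternalChat" `
    -EnableFederationAccess $false -EnableTeamsConsumerAccess $false `
    -EnablePublicCloudAccess $false
Grant-CsExternalAccessPolicy -Identity "finance.user@contoso.example" `
    -PolicyName "NoExternalChat"

# Step 5: verify. Only the allow-listed domains should remain, and the user
# should carry the restrictive policy.
(Get-CsTenantFederationConfiguration).AllowedDomains
Get-CsOnlineUser -Identity "finance.user@contoso.example" |
    Select-Object UserPrincipalName, ExternalAccessPolicy
```

Tenant-level settings apply to everyone; the per-user policy is the lever for teams whose only legitimate external contact arrives through a ticketing system rather than a chat request. Changes take effect after normal policy propagation, so re-run step 5 rather than assuming the new posture is live.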

MFA remains essential, but the incident shows its limits when attackers manipulate users in real time. Push approvals, one-time codes and session access can be undermined if victims are coached through the process by someone they believe is a support technician. Phishing-resistant MFA, tighter conditional access, verified helpdesk workflows and restrictions on external Teams communication are increasingly becoming core controls rather than optional safeguards.
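As an added example that is not part of the original article, the following Microsoft Graph PowerShell snippet creates a Conditional Access policy requiring phishing-resistant authentication, the control the paragraph describes as the answer to coached push approvals and one-time codes. It assumes the Microsoft.Graph module and the Policy.ReadWrite.ConditionalAccess permission; the policy name, the break-glass group id and the authentication-strength id are assumptions to confirm against your own tenant.

```powershell
# Added example (not from the article). Assumes the Microsoft.Graph PowerShell
# module and an account able to consent to Policy.ReadWrite.ConditionalAccess.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

# List the tenant's authentication strengths and confirm the id of the built-in
# "Phishing-resistant MFA" strength (FIDO2, certificate-based authentication,
# Windows Hello for Business). The id below is an assumption; check the listing.
Get-MgPolicyAuthenticationStrengthPolicy | Select-Object Id, DisplayName
$phishingResistant = "00000000-0000-0000-0000-000000000004"

# Hypothetical object id of the emergency-access (break-glass) group. Excluding
# it means a lost hardware key cannot lock every administrator out.
$breakGlassGroup = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName = "Require phishing-resistant MFA (report-only)"
    # Start in report-only: sign-in logs show who would have failed, and nothing
    # breaks while users enrol keys. Once enforced, a push approval or OTP that a
    # victim was coached through no longer satisfies the policy.
    state = "enabledForReportingButNotEnforced"
    conditions = @{
        users = @{
            includeUsers  = @("All")
            excludeGroups = @($breakGlassGroup)
        }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator = "OR"
        authenticationStrength = @{ id = $phishingResistant }
    }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Verify what was stored. Switch State to "enabled" only after reviewing the
# report-only results in the sign-in logs.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State,
        @{ n = "Strength"; e = { $_.GrantControls.AuthenticationStrength.Id } }
```

The policy does not stop a user from being talked into sharing a screen; it removes the payoff, because an attacker on a Teams call cannot relay a FIDO2 assertion bound to the legitimate origin. Pair it with a helpdesk procedure that calls the employee back on a known number before any credential or MFA reset, since that verification step is the part of the attack no tenant setting can automate away.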



Notice an issue?

Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.
