Iran’s MuddyWater Wears Chaos Ransomware Mask in U.S. Hack Spree
A hacking crew tied to Iran’s Ministry of Intelligence and Security spent at least three months pretending to be a criminal extortion gang, slipping into U.S. networks under the cover of a ransomware brand named Chaos. Rapid7’s threat intelligence team published the attribution on May 6, 2026, after pulling apart code-signing certificates that linked the operation to MuddyWater, the long-running cyber-espionage cluster also tracked as Earth Vetala and Mango Sandstorm.
The Iranian operators worked the phones first. They opened Microsoft Teams chats with employees at their targets, requested screen-sharing sessions, and walked victims through typing their own credentials into a local text file. Once those passwords landed in the hackers’ hands, the operators bypassed multifactor authentication and pushed remote-access tools onto domain controllers. The ransomware noise came later, designed to look like a Chaos affiliate cashing out instead of a state agency stealing intelligence.
How MuddyWater Built the False Flag Disguise
The campaign began in February 2026 and continued through at least April, according to Rapid7’s published technical analysis. MuddyWater chose Chaos for a reason. The criminal group was new, loud, and growing fast, with 36 confirmed victims by March across construction, manufacturing, and business services.
Initial access ran through Teams external chat. The attackers posed as IT help desk staff and convinced employees to share their screens, then directed them to type usernames and passwords into a Notepad file the attacker could read in real time. Some victims were instead routed to phishing pages styled as Microsoft Quick Assist. Either path produced clean credentials and live MFA prompts the operators could approve themselves.
Persistence followed within minutes. Operators authenticated to internal systems, jumped to a domain controller, and dropped DWAgent’s remote control client alongside AnyDesk and standard RDP. Each of those tools is signed software with legitimate uses, which made detection harder for endpoint products tuned to block obvious malware first.

The Code-Signing Slip That Cracked the Cover
The attribution hinges on a name. A code-signing certificate registered to “Donald Gay” was used to sign a loader called ms_upd.exe, the file that delivered the campaign’s main backdoor. Rapid7 had seen that exact certificate before, signing CastleLoader payloads and a downloader called Fakeset that earlier MuddyWater operations relied on. Reusing infrastructure across campaigns is the kind of operational shortcut that breaks state-linked cover.
The backdoor itself, named Game.exe, carried a separate Authenticode signature traced to MuddyWater’s earlier toolkits. Its command-and-control domain matched infrastructure already attributed to Iran’s MOIS in prior incident reports indexed on the MITRE ATT&CK MuddyWater group profile. Those are two strong indicators on the same intrusion, and neither is shared with any known criminal ransomware affiliate.
Christiaan Beek, vice president of cyber intelligence at Rapid7, told Cybersecurity Dive the disguise served a clear purpose for an intelligence service.
“If an operation looks like ransomware, defenders may initially treat it as financially motivated cybercrime rather than a state-linked operation. That can slow attribution, complicate response, and give the actor plausible deniability,” said Beek.
That gap matters. A breached organization that believes it is dealing with extortion will haggle over decryption keys, scrub the network for crypto wallets, and miss the actual prize. Iran was after data, not bitcoin.
Why Chaos Made the Perfect Mask
Chaos ransomware emerged in 2025 in the vacuum left after international police took down BlackSuit, the rebranded Royal ransomware crew. The Justice Department announcement of Operation Checkmate on July 24, 2025 confirmed the seizure of four servers and nine domains, plus the recovery of about $1.09 million in ransom payments. Royal and BlackSuit had hit more than 450 U.S. victims since 2022 and pulled in over $370 million in extortion proceeds, according to the same filing. Homeland Security Investigations led the international coordination, alongside Europol and partners in Germany, Ukraine, Lithuania, Ireland and France.
Chaos picked up the playbook BlackSuit left behind: voice-phishing, IT impersonation, and a public leak site advertised on dark web forums. By the time MuddyWater started running its February campaign, Chaos already had a plausible kill chain, a victim count, and a brand recognizable to incident responders. Wearing that brand cost Iran nothing and bought it weeks of confusion.
The Toolset Tehran Brought to Teams
The malware chain ran in two stages. The signed loader ms_upd.exe arrived disguised as a Microsoft WebView2 component and dropped Game.exe, which unpacked the second stage: a custom remote access Trojan that Rapid7 calls Darkcomp. The RAT supports twelve commands, including PowerShell execution, CMD execution, file upload, file deletion, and persistent shell sessions.
Anti-analysis routines fire before the RAT calls home. Game.exe checks for virtualization indicators, debuggers, and sandbox artifacts, then delays execution if any are present. That logic, paired with the legitimate Authenticode signature, lets the binary survive a default scan from most endpoint detection products.
Once inside, the operators leaned on commodity remote management software the way ransomware affiliates do. Three tools showed up across multiple incidents:
- DWAgent for the initial persistent foothold on user workstations.
- AnyDesk for lateral movement once domain credentials were captured.
- Native Windows RDP for sustained access to the domain controller and high-value servers.
Each of those products is widely deployed by legitimate IT teams. Blocking them outright breaks normal operations. MuddyWater picked them for that exact reason, and Rapid7’s published guidance on Teams-based phishing recommends behavioral baselines rather than static blocklists.
The signing fingerprint on Game.exe is the cleanest detection opportunity defenders have. Any binary with a Microsoft WebView2 description but a publisher field tied to the Donald Gay certificate is, by Rapid7’s count, MuddyWater code regardless of what the surrounding extortion note claims.
Targets Stretching From Jordan to Australia
Rapid7 said the campaign focused on organizations of strategic value to Iran, including some government bodies. The U.S. was the heaviest concentration, but telemetry showed confirmed intrusions in Jordan and Australia, plus broader targeting across the Middle East and South Asia.
The geography fits MuddyWater’s standing remit. ESET’s research team, which has tracked the cluster for years, has documented MuddyWater operations against Israeli and Egyptian critical infrastructure in ESET’s Snakes by the Riverbank technical report. The 2026 campaign extends that pattern into the Pacific, with Australian targeting marking a notable widening of MuddyWater’s collection priorities.
Jordan and Australia are both intelligence-sharing partners of the United States. Hitting all three through a single false-flag operation gives Tehran a way to test allied incident-response coordination without owning the attack publicly.
What Defenders Should Change This Week
The Teams attack vector is the immediate exposure. Microsoft allows external chat by default in many tenants, which means any attacker with a Teams account can message employees who have never spoken to them before. Rapid7’s writeup recommends restricting external Teams communication to a narrow allowlist of partner domains, then logging every cross-tenant chat for review.
Screen sharing is the second pivot point. The attacks worked because employees treated screen-share requests from strangers the same way they treat them from internal IT. That muscle memory needs to break.
Five concrete steps map to the observed kill chain:
- Disable external Teams chat by default and require admin approval for any new federation.
- Block screen sharing in chats with external users through the Teams admin center policy.
- Hunt for new DWAgent installations across endpoints that do not have a documented IT use case.
- Alert on Authenticode signatures tied to the Donald Gay code-signing certificate Rapid7 published.
- Review domain controller logons in the past 90 days for accounts that authenticated from new workstations within minutes of a Teams external chat event.
Conditional access policies built on phishing-resistant MFA, like FIDO2 hardware keys, would have stopped the credential bypass at step one. Password-and-SMS combinations did not. Organizations still relying on text-message MFA should treat the MuddyWater playbook as a forcing function for upgrade.
Incident response teams that already triaged a Chaos ransomware event in 2026 should re-examine the indicators. If the intrusion involved Microsoft Teams initial access, DWAgent persistence, and a Game.exe binary signed with the Donald Gay certificate, the case file is misclassified. The actor behind the keyboard reported to Tehran, not to a Telegram extortion channel.
Federal partners are watching too. The Cybersecurity and Infrastructure Security Agency has not issued an emergency directive on the MuddyWater campaign as of publication, but past Iran-attributed activity has produced binding operational directives for federal civilian agencies within weeks of disclosure.
Frequently Asked Questions
How Do I Know If My Organization Was Hit by This Specific Campaign?
Check three places. Pull Microsoft Teams audit logs for external chat invitations between February 1 and April 30, 2026, and flag any that escalated into screen-sharing sessions. Scan endpoints for DWAgent, AnyDesk, and a binary named Game.exe with a Microsoft WebView2 description. Then query Authenticode signatures for the publisher name Donald Gay published in Rapid7’s indicator list, and isolate any host that returns a match for triage.
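The correlation in step five of the list above and in the first check here (an external Teams chat followed minutes later by a domain controller logon from a workstation the account has never used) is easy to describe and easy to get wrong in a SIEM query. The script below is an added illustration, not Rapid7's or the article's code; the record layouts, user names and host names are constructed, and you would map real Teams audit exports and Windows 4624 events onto the same fields before using it.

```python
"""Flag DC logons from unfamiliar workstations shortly after external Teams chats.

Added example (not from the article or Rapid7). All records below are
constructed and simplified; field names are assumptions, not a vendor schema.
"""
from datetime import datetime, timedelta

# Constructed sample telemetry (not real data).
TEAMS_EVENTS = [
    {"time": "2026-03-03T09:12:00", "user": "jdoe", "external": True},
    {"time": "2026-03-03T14:40:00", "user": "asmith", "external": False},
]
DC_LOGONS = [
    {"time": "2026-03-03T09:21:00", "user": "jdoe", "workstation": "WS-NEW-07"},
    {"time": "2026-03-03T09:30:00", "user": "jdoe", "workstation": "WS-JDOE-01"},
    {"time": "2026-03-03T14:45:00", "user": "asmith", "workstation": "WS-NEW-08"},
]
# Workstations each account is known to use (constructed baseline).
BASELINE = {"jdoe": {"WS-JDOE-01"}, "asmith": {"WS-ASMITH-01"}}


def _ts(value):
    return datetime.fromisoformat(value)


def suspicious_logons(teams_events, dc_logons, baseline, window_minutes=30):
    """Return DC logons that (a) come from a workstation outside the user's
    baseline and (b) happen within window_minutes after an external Teams
    chat involving the same user. Internal chats are ignored."""
    external_chats = [(e["user"], _ts(e["time"])) for e in teams_events if e["external"]]
    hits = []
    for logon in dc_logons:
        user, host, t = logon["user"], logon["workstation"], _ts(logon["time"])
        if host in baseline.get(user, set()):
            continue  # known device for this account, not interesting here
        for chat_user, chat_t in external_chats:
            delta = t - chat_t
            if chat_user == user and timedelta(0) <= delta <= timedelta(minutes=window_minutes):
                hits.append({**logon,
                             "chat_time": chat_t.isoformat(),
                             "minutes_after": int(delta.total_seconds() // 60)})
                break  # one matching chat is enough to flag the logon
    return hits


if __name__ == "__main__":
    for hit in suspicious_logons(TEAMS_EVENTS, DC_LOGONS, BASELINE):
        print(f"{hit['user']} logged on to a DC from {hit['workstation']} "
              f"{hit['minutes_after']} min after an external Teams chat")
```

Widen `window_minutes` and feed the real baseline from your asset inventory; a workstation that is new to the account but present in the inventory still deserves a look when the chat event precedes it.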
Will Disabling External Teams Chat Break Normal Business?
Yes for some teams, no for most. Sales, recruiting, and partner management groups rely on external Teams federation and need an allowlisted exception. Engineering, finance, and back-office functions typically do not, and can run with external chat disabled with no operational impact. Microsoft documents the policy under Teams admin center, External access; changes apply within an hour and are reversible per partner domain.
Is Chaos Ransomware Itself Still Active and Dangerous?
Yes. Chaos remained an independent criminal operation through April 2026 with 36 known victims of its own, primarily in U.S. construction and manufacturing. The MuddyWater false flag does not absorb or replace Chaos. Defenders facing a Chaos extortion note should still treat it as a financially motivated intrusion unless the indicators specifically match the MuddyWater toolset, certificate, and Teams initial-access pattern described above.
Should I Pay an Iranian State Operator a Ransom?
No, and you legally cannot in many cases. The Office of Foreign Assets Control sanctions Iran’s Ministry of Intelligence and Security, which means a payment to a MuddyWater-controlled wallet may violate U.S. sanctions law even if the demand looks like ordinary ransomware. Contact the FBI’s IC3 portal at ic3.gov and your incident response counsel before any payment discussion is opened with the threat actor.
The MuddyWater campaign is one more reminder that attribution is itself a defensive asset. The faster a security team identifies who is on the other end of the keyboard, the faster they pick the right playbook, the right escalation path, and the right legal posture. Rapid7’s disclosure on May 6 hands defenders that head start.
Disclaimer: This article reports on a publicly disclosed cyber-espionage campaign and includes general defender guidance. The information is for awareness only and should not replace formal incident response procedures. Security teams should validate every detection rule and remediation step in a controlled environment before production deployment, consult current vendor advisories from Rapid7 and Microsoft, and engage their security operations center for environment-specific containment guidance.
