MuddyWater False Flag Attack Hid Behind Chaos Ransomware

What looked like a ransomware attack earlier this year turned out to be something far more calculated. Security researchers have linked a sophisticated intrusion to MuddyWater, an Iranian state-sponsored hacking group, in what has been assessed as a deliberate false flag attack designed to look like the work of a criminal ransomware gang.

The Chaos Ransomware Cover Story

Chaos is a ransomware-as-a-service (RaaS) operation that emerged in early 2025, shortly after law enforcement disrupted the BlackSuit ransomware infrastructure. The group is known for targeting high-profile organizations, demanding ransoms of up to $300,000, and running a dark web leak site where stolen data gets published. It quickly built a reputation for aggressive social engineering tactics and double extortion.

When the intrusion first surfaced, it carried all the markings of a Chaos attack. Victims received extortion emails claiming their data had been stolen. They were directed to the Chaos leak site. An entry for the victim appeared on the group’s data leak portal. On the surface, it looked like a financially motivated criminal operation.

But it was not. No ransomware was ever deployed. No files were encrypted. The attack was a carefully constructed disguise.

How the Attack Actually Worked

The intrusion began through Microsoft Teams. Attackers reached out to employees directly, initiating one-on-one chat sessions from external accounts. They then requested screen-sharing sessions, which gave them live visibility into the victim’s systems.

During those sessions, they ran basic discovery commands to map the environment. They accessed files related to the victim’s VPN configuration. In some cases, they instructed employees to type their credentials into locally created text files named things like credentials.txt or cred.txt. In at least one instance, they pushed AnyDesk onto the victim’s machine to establish remote access independently of Teams.

MFA settings were also manipulated. Attackers added their own devices as trusted authenticators, effectively locking in their access even if the initial social engineering was later discovered.

From there, they moved deeper into the network. They authenticated to internal systems, including a Domain Controller, using the harvested credentials. They deployed a remote management tool called DWAgent to maintain persistent access, and later downloaded additional payloads using command-line tools.

One of those payloads, a file called ms_upd.exe, functioned as a downloader. It collected basic host information, registered the infected machine with a command-and-control server, and then pulled down the main payload: a custom remote access trojan called Game.exe. The RAT was disguised as a legitimate Microsoft WebView2 application and gave attackers 12 distinct capabilities, including arbitrary command execution, file upload and deletion, and the ability to open persistent interactive shells.

Data was exfiltrated, and the stolen files were eventually published on the Chaos leak site. The victim confirmed the leaked data was real.

Why This Was a False Flag Attack

The ransomware elements were present, but only as a facade. Researchers noted a series of inconsistencies that pointed away from criminal motivation and toward something more deliberate.

The most obvious sign was the absence of encryption. Real ransomware attacks encrypt files. That is the core mechanism. Here, it never happened. Extortion messaging and a leak site entry appeared, but the financial endgame of a typical ransomware operation was missing entirely.

The infrastructure told a different story. A code-signing certificate used on the downloader was tied to a known identity within MuddyWater’s toolkit, a cluster of Iranian MOIS-affiliated infrastructure that researchers have been tracking. The command-and-control domain had been linked to MuddyWater in prior activity targeting Israeli and Western organizations. The execution method, using a renamed Python binary to proxy code into suspended processes, matched the group’s known tradecraft.

Researchers at Rapid7 assessed the false flag attack with moderate confidence as the work of MuddyWater, also tracked as Mango Sandstorm, Seedworm, and Static Kitten. The group operates under the direction of Iran’s Ministry of Intelligence and Security.

The logic behind using the Chaos brand is straightforward. If investigators see ransomware artifacts, their first assumption is financial crime. That assumption delays the harder question: who actually ran the intrusion, and why? By the time defenders look past the extortion emails and the leak site, the attackers have already established persistence and exfiltrated what they came for.

Christiaan Beek, VP of Cyber Intelligence at Rapid7, put it directly: if an operation looks like ransomware, defenders may treat it as financially motivated cybercrime rather than a state-linked operation.

MuddyWater’s Pattern of Ransomware Disguises

This is not the first time MuddyWater has borrowed criminal branding to cover its tracks. In late 2025, the group was linked to a Qilin ransomware attack targeting an Israeli government hospital. Before that, in 2023, Microsoft connected MuddyWater to destructive attacks carried out under the DarkBit persona. The pattern is consistent: state-sponsored intrusion dressed up as opportunistic extortion.

What changes is the costume. After the Qilin connection became public and was attributed to Iranian intelligence, MuddyWater appeared to shift to Chaos: a newer brand, less associated with state actors and harder to trace.

What Organizations Should Watch For

The attack used tools and techniques that defenders can identify, but only if they look beyond the ransomware surface.

Microsoft Teams is not a typical attack vector, and that is part of why it works. Employees are less likely to be suspicious of a chat from what appears to be an IT support contact than they would be with an unsolicited email. Screen sharing requests during those sessions should be treated with caution, especially from external accounts.

Credential harvesting via social engineering, MFA manipulation, and the deployment of remote management tools like AnyDesk and DWAgent are all indicators worth monitoring. Legitimate remote access tools are hard to flag automatically because they are designed to look normal. Context matters.

Rapid7 also noted that investigators should look past overt ransomware indicators and focus on the full intrusion lifecycle. The absence of encryption, despite ransomware-style messaging, is itself a red flag.
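The indicators above (an external Teams chat, credentials typed into credentials.txt or cred.txt, AnyDesk or DWAgent appearing, a new MFA authenticator) are weak on their own but telling together. The following is an added example, not code from the article or from Rapid7, of correlating them per host across the intrusion lifecycle; the event schema (ts, host, type, target) and the sample telemetry are constructed for illustration.

```python
"""Correlate host telemetry for the Teams-to-remote-tool chain described above."""
from collections import defaultdict
from datetime import datetime

# Indicators named in the write-up; matched case-insensitively on the file name.
CREDENTIAL_FILES = {"credentials.txt", "cred.txt"}
REMOTE_TOOLS = {"anydesk.exe", "dwagent.exe"}
PAYLOADS = {"ms_upd.exe", "game.exe"}

def classify(event):
    """Map one normalized event (assumed schema: ts, host, type, target) to a stage tag."""
    kind = event["type"]
    name = event["target"].lower().rsplit("\\", 1)[-1]  # basename of a Windows path
    if kind == "file_create" and name in CREDENTIAL_FILES:
        return "credential_file"
    if kind == "process_start" and name in REMOTE_TOOLS:
        return "remote_mgmt_tool"
    if kind == "process_start" and name in PAYLOADS:
        return "known_payload"
    if kind in ("mfa_device_added", "teams_external_chat"):
        return kind
    return None

def correlate(events, window_hours=24, min_stages=3):
    """Flag hosts where at least min_stages distinct stages occur within window_hours."""
    by_host = defaultdict(list)
    for e in events:
        tag = classify(e)
        if tag:
            by_host[e["host"]].append((datetime.fromisoformat(e["ts"]), tag))
    flagged = {}
    for host, hits in by_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):  # slide a window from each hit
            in_window = {t for ts, t in hits[i:] if (ts - start).total_seconds() <= window_hours * 3600}
            if len(in_window) >= min_stages:
                flagged[host] = sorted(in_window)
                break
    return flagged

# Constructed sample telemetry, not real logs: WS-017 shows the full chain, WS-042 a lone RMM start.
SAMPLE_EVENTS = [
    {"ts": "2025-03-04T09:02:00", "host": "WS-017", "type": "teams_external_chat", "target": "it-support@external-tenant.example"},
    {"ts": "2025-03-04T09:15:00", "host": "WS-017", "type": "file_create", "target": r"C:\Users\jdoe\Desktop\credentials.txt"},
    {"ts": "2025-03-04T09:31:00", "host": "WS-017", "type": "process_start", "target": r"C:\Users\jdoe\Downloads\AnyDesk.exe"},
    {"ts": "2025-03-04T09:40:00", "host": "WS-017", "type": "mfa_device_added", "target": "authenticator:unknown-device"},
    {"ts": "2025-03-04T10:05:00", "host": "WS-042", "type": "file_create", "target": r"C:\Users\asmith\Documents\notes.txt"},
    {"ts": "2025-03-04T10:10:00", "host": "WS-042", "type": "process_start", "target": r"C:\Program Files\DWAgent\dwagent.exe"},
]
```

A single remote management tool start (WS-042) is not flagged; only the host with several stages inside the window is, which is the "full intrusion lifecycle" view the article recommends over chasing ransomware artifacts.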

Final Thoughts

The MuddyWater false flag attack is a clear example of how state-sponsored actors are borrowing from the criminal playbook not to make money, but to stay hidden. Ransomware branding creates noise. It triggers financial crime response workflows, pulls attention toward immediate impact, and buys time for the real objective: persistent access and intelligence collection.

For organizations, especially those in sectors that Iranian threat actors have historically targeted, including government, healthcare, and critical infrastructure, this is a reminder that attribution matters. A ransom note is not proof of criminal intent. The full picture requires looking at what was done, what was not done, and who benefits.

Janet Andersen

Janet is an experienced content creator with a strong focus on cybersecurity and online privacy. With extensive experience in the field, she’s passionate about crafting in-depth reviews and guides that help readers make informed decisions about digital security tools. When she’s not managing the site, she loves staying on top of the latest trends in the digital world.