Rapid7 links Chaos ransomware campaign to Iranian state-sponsored MuddyWater espionage operation


A cyber intrusion initially presented as a conventional Chaos ransomware attack has now been linked with moderate confidence to the Iranian state-sponsored threat group MuddyWater, also known as Seedworm, according to new research from Rapid7. Investigators found that the attackers used Microsoft Teams-based social engineering, interactive screen sharing, and credential harvesting to gain access before deploying remote management tools such as AnyDesk and DWAgent for persistence and data theft. Rapid7 said the use of Chaos ransomware branding appeared to be a deliberate ‘false flag’ effort designed to obscure the operation’s espionage objectives and complicate attribution. 

The Rapid7 report identified multiple technical overlaps tying the campaign to MuddyWater infrastructure, including use of the ‘Donald Gay’ code-signing certificate previously associated with Iranian Ministry of Intelligence and Security-linked operations, as well as command-and-control infrastructure linked to earlier MuddyWater activity. 

Rather than prioritizing large-scale encryption, the attackers focused on exfiltrating sensitive information and manipulating multi-factor authentication settings while maintaining long-term access inside victim environments. Rapid7 noted that the operation reflects a broader trend of state-backed actors adopting ransomware tactics and criminal branding to mask cyber espionage campaigns. 

“Active since February 2025, Chaos is a ransomware-as-a-service (RaaS) operation specializing in big-game hunting (BGH) attacks against high-profile organizations, with reported ransom demands reaching up to $300,000,” Alexandra Blia, Threat Intelligence Specialist at Rapid7, wrote in a blog post last week. “Despite the name, it is distinct from the Chaos malware builder identified in 2021. The group emerged shortly after the July 2025 law enforcement disruption of BlackSuit infrastructure during Operation Checkmate and is likely composed of former BlackSuit and/or Royal members. To expand its operations, Chaos advertises its affiliate program on cybercrime forums, such as RAMP (prior to its takedown) and RehubCom.”

Blia mentioned that Chaos relies heavily on social engineering and remote access abuse to gain initial access. Rapid7 observed techniques that include spam email flooding combined with voice-based phishing (vishing), often involving impersonation of IT support personnel. Chaos then persuades victims to grant remote access via legitimate tools such as Microsoft Quick Assist, allowing operators to establish an initial foothold.

“The observed use of Chaos ransomware does not indicate a shift in the group’s underlying objectives, but rather reflects a consistent effort to obscure operational intent and complicate attribution,” Blia detailed. “While attribution evasion is a common characteristic of state-affiliated actors, MuddyWater’s reported increase in operational activity as of early 2026, primarily involving cyber espionage and potential prepositioning for disruptive operations across Western and Middle Eastern networks, has likely intensified its reliance on deceptive false-flag operations.”

She noted that the assessment aligns with previously observed behavior. In late 2025, MuddyWater was linked to activity involving the Qilin RaaS ecosystem in an operation targeting an Israeli organization. Following the subsequent public attribution of that incident to the MOIS, it is plausible that the group adopted alternative ransomware branding, in this case Chaos, in an effort to reduce attribution risk and maintain a degree of plausible deniability.

“In line with common ransomware practices, Chaos typically employs double extortion, exfiltrating sensitive data prior to encryption and threatening public disclosure via its data leak site (DLS),” Blia highlighted. “The group has also demonstrated triple extortion by threatening distributed denial-of-service (DDoS) attacks against the victim’s infrastructure. These capabilities are reportedly offered to affiliates as part of bundled services, representing a notable feature of its RaaS model. Additionally, Chaos has been observed leveraging elements of quadruple extortion, including threats to contact customers or competitors to increase pressure on victims.”

The hacker achieved initial access through social engineering conducted via Microsoft Teams, where they initiated one-on-one chats with users from a controlled account. During these interactions, the hacker established screen-sharing sessions, gaining direct visibility and interactive access to user assets. While connected, the hacker executed basic discovery commands, accessed files related to the victim’s VPN configuration, and instructed users to enter their credentials into locally created text files. In at least one instance, the hacker deployed a remote management tool (AnyDesk) to further facilitate access.

“The TA expanded access within the environment by leveraging compromised accounts and establishing remote access channels,” Blia identified. “They used RDP sessions to move between systems, allowing them to operate interactively and access additional resources within the network.”

She added that the “TA distributed emails to multiple users, alleging successful data exfiltration, and provided a .onion link for negotiation. Open-source intelligence (OSINT) collection identified a corresponding entry on the Chaos DLS referencing data; however, all identifying details were redacted, as per the group’s typical ‘blind’ countdown timer.”

Furthermore, a subsequent email introduced a new contact address and instructed recipients to locate a note allegedly placed within their Desktop directory containing ‘access credentials’ for a secure chat. 

Rapid7 conducted a threat hunt across assets that focused on files created or accessed within Desktop directories and subdirectories and did not identify any artifacts consistent with the hacker’s claims. The victim further validated the affected user systems and confirmed the absence of such files. Despite these inconsistencies in the initial proof-of-compromise, the hacker later published the stolen data on its DLS in line with modern extortion tactics. The victim confirmed that the leaked data was legitimate.

Blia pointed out that the apparent absence of file encryption, despite the presence of Chaos ransomware artifacts, represents a deviation from typical ransomware behavior. “This inconsistency may indicate that the ransomware component functioned primarily as a facilitating or obfuscation mechanism, rather than as the primary objective of the intrusion. This deviation highlights a mismatch between typical profit-driven ransomware behavior and the actor’s apparent espionage objectives. It further suggests a likely explanation for the inconsistent data provided by the TA as an initial proof-of-compromise.”

Taken together, she observed, these technical indicators and procedural inconsistencies point to a targeted, state-sponsored intrusion masquerading as opportunistic extortion activity.

Commenting on the Rapid7 disclosure, Ensar Seker, CISO at SOCRadar, wrote in an emailed statement that the MuddyWater activity is another example of how state-aligned threat actors increasingly blur the line between cybercrime and cyber-espionage. “Using Chaos ransomware as a decoy provides plausible deniability while also distracting incident responders into treating the intrusion as financially motivated cybercrime instead of a long-term intelligence collection operation. This tactic complicates attribution, delays strategic response decisions, and increases confusion during the critical early stages of an investigation.”

He added that the Microsoft Teams social engineering component is particularly notable because collaboration platforms are becoming one of the most effective initial access vectors. 

“Employees inherently trust internal communication tools, and attackers understand that exploiting human familiarity inside business collaboration environments often bypasses traditional email-focused security controls,” Seker added. “Organizations should treat Teams, Slack, and similar platforms as high-risk attack surfaces, applying the same monitoring, user awareness, and identity protection strategies traditionally reserved for email and VPN infrastructure.”

In conclusion, Blia wrote that the Chaos ransomware incident highlights increasing convergence between state-sponsored intrusion activity and cybercriminal tradecraft. While the operation incorporated recognizable elements of ransomware campaigns, such as extortion messaging and leak site publication, the absence of encryption and the presence of established espionage techniques suggest that financial gain was unlikely to be the primary objective.

“The assessed link to MuddyWater indicates a continued evolution in the group’s operational approach, including the apparent use of RaaS ecosystems and branding to obscure attribution,” according to Blia. “This aligns with broader trends in which state-aligned actors adopt criminal tactics to introduce ambiguity and delay defensive response.”

She added that this case underscores the importance of looking beyond overt ransomware indicators. Defenders should also focus on the underlying intrusion lifecycle. Techniques such as social engineering via enterprise communication platforms, credential harvesting with MFA manipulation, and the abuse of legitimate remote access tools remain critical enablers of compromise. Ultimately, this activity is best understood as a hybrid intrusion model, in which ransomware is leveraged not as an end goal but as a mechanism for concealment, coercion, and operational flexibility within a broader intelligence-driven campaign.
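As an added defensive illustration (not code from the Rapid7 report), the hunt below runs over constructed process-creation and RDP logon events and flags two of the enablers described above: launches of the remote management tools named in the article (AnyDesk, DWAgent, Quick Assist) that are not on an organization's approved list, and interactive RDP logons originating from a host where such a tool was already seen. The approved-tool list, host names and timestamps are assumptions.

```python
"""Hunt for unapproved remote management tools and RDP movement chained from
the hosts that launched them. All events below are constructed samples."""

# Remote management tools named in the report; which ones an organization
# sanctions is an assumption (hypothetical approved set).
RMM_TOOLS = {"anydesk.exe", "dwagent.exe", "quickassist.exe"}
APPROVED_RMM = {"dwagent.exe"}

# Constructed telemetry: Sysmon-style process creations and Windows logons
# (logon_type 10 = RemoteInteractive, i.e. RDP). Host and user names are made up.
SAMPLE_EVENTS = [
    {"ts": "2026-03-02T09:14:05Z", "host": "WS-017", "type": "process",
     "image": r"C:\Users\jdoe\Downloads\AnyDesk.exe", "user": "jdoe"},
    {"ts": "2026-03-02T09:20:41Z", "host": "WS-017", "type": "process",
     "image": r"C:\Windows\System32\cmd.exe", "user": "jdoe"},
    {"ts": "2026-03-02T09:58:12Z", "host": "SRV-FS01", "type": "logon",
     "logon_type": 10, "src_host": "WS-017", "user": "jdoe"},
    {"ts": "2026-03-02T10:03:30Z", "host": "WS-022", "type": "process",
     "image": r"C:\Program Files\DWAgent\dwagent.exe", "user": "SYSTEM"},
    {"ts": "2026-03-02T10:30:00Z", "host": "SRV-DB02", "type": "logon",
     "logon_type": 10, "src_host": "WS-040", "user": "svc_backup"},
]


def basename(path):
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def hunt(events):
    """Return findings in time order: unapproved RMM launches, and RDP logons
    whose source host previously launched an unapproved RMM tool."""
    findings = []
    rmm_hosts = {}  # host -> first unapproved RMM sighting on that host
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "process":
            exe = basename(ev["image"])
            if exe in RMM_TOOLS and exe not in APPROVED_RMM:
                rmm_hosts.setdefault(ev["host"], ev)
                findings.append({"rule": "unapproved_rmm", "host": ev["host"],
                                 "user": ev["user"], "image": ev["image"], "ts": ev["ts"]})
        elif ev["type"] == "logon" and ev.get("logon_type") == 10 and ev["src_host"] in rmm_hosts:
            findings.append({"rule": "rdp_from_rmm_host", "host": ev["host"],
                             "src_host": ev["src_host"], "user": ev["user"], "ts": ev["ts"]})
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

On the sample data the approved DWAgent install on WS-022 and the RDP logon from WS-040 produce no findings, while the AnyDesk launch on WS-017 and the later RDP logon from WS-017 to SRV-FS01 are both flagged.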
