
MuddyWater APT Group Conducts False Flag Ransomware Attack via Microsoft Teams
Tags: Cybersecurity, Hacking, Social Engineering, Ransomware, APT, MuddyWater, Iran, Microsoft Teams, False Flag, Credential Theft
A ransomware attack characterized as a "false flag" operation has been attributed to the Iranian state-sponsored hacking group MuddyWater (also known as Mango Sandstorm, Seedworm, and Static Kitten). The attack, observed by Rapid7 in early 2026, employed social engineering techniques via Microsoft Teams to initiate the infection sequence. No specific technical details, CVE IDs, or victim organizations were disclosed for the reported incident. The operation highlights the group's use of collaboration platforms to steal credentials and deploy malicious payloads. The full scope of the attack's impact remains unconfirmed.