The Iranian state-sponsored hacking group MuddyWater has been linked to a ransomware attack disguised as a false flag operation, using Microsoft Teams-based social engineering to initiate infections — a technique observed by Rapid7 in early 2026.