- 2017 - MuddyWater first identified. IRGC-affiliated, attributed by Mandiant, CISA, and NSA across multiple joint advisories.
- 320M+ monthly active users on Microsoft Teams (Microsoft, 2024). The largest collaboration attack surface in enterprise history.
- 72 hours - NIS2 Article 23 notification window for significant incidents. False flag attacks are designed to consume that window with confusion.
- 4 business days - SEC Cyber Rule disclosure requirement for material incidents, regardless of whether attribution is confirmed.
- 0 - The number of organizations that include Teams and Slack behavioral monitoring in a typical external attack surface assessment (Rapid7 observation, 2025).
In early 2026, Rapid7 tracked a MuddyWater campaign that should change how every security team thinks about attack surface. The Iranian state-sponsored group, operating since 2017 and attributed to the IRGC by multiple government agencies, did not exploit a zero-day. They did not breach a firewall or bypass an EDR. They sent a Microsoft Teams message.
The message appeared to come from IT support. The employee responded. Credentials were compromised. Chaos ransomware was deployed shortly after, not as the primary objective, but as a deliberate false flag designed to make the attack look like a criminal ransomware operation rather than nation-state espionage.
The security controls in place did not fail. They were simply not watching this channel.
How the Attack Worked
Microsoft 365 federation is a legitimate feature. It allows users in one tenant to communicate with users in another. When configured permissively, which is the default in many organizations, external parties can initiate Teams chats that appear inside the target's environment.
MuddyWater exploited this by posing as vendor contacts or internal IT support. The messages arrived in a trusted interface, under a plausible identity, with no email header to inspect and no URL to detonate in a sandbox. The social engineering happened in the same window where employees receive meeting invites and project updates. Nothing looked out of place.
After harvesting credentials, the group moved laterally using legitimate access. The ransomware deployment came later, not because MuddyWater ransoms victims, but because Chaos ransomware introduced noise. A criminal ransomware gang is a plausible alternate explanation. It takes forensic work to rule it out. During the first 72 hours of an incident response, that ambiguity is operationally damaging.
The Monitoring Gap Nobody Talks About
Email security is mature. Most organizations run gateway filtering, anti-phishing, DMARC, DKIM, and user reporting. The volume of threat intelligence around email-based attacks is substantial. Detection controls have improved steadily for two decades.
Collaboration platforms are a different story. Teams, Slack, and Zoom chat have no equivalent monitoring ecosystem. Most organizations have no behavioral analytics on who messages whom, no anomaly detection for external-to-internal contact patterns, and no alerting when an external user initiates a conversation with an employee who has never interacted with them.
The attack surface is substantial. Microsoft Teams has over 320 million monthly active users. Slack is deployed across the majority of technology, finance, and media organizations. These platforms carry sensitive conversations, shared files, and links that employees click without the instinctive caution they apply to email. The attackers have noticed.
If your attack surface map does not include collaboration tools, you have a systematic blind spot. Not a configuration issue. Not a patching lag. A gap in how you have defined your perimeter.
The False Flag Problem at Board Level
A false flag attack is not a technical problem. It is a governance problem.
When your IR team identifies ransomware, the first question is who deployed it and why. The answer determines everything: which law enforcement agency to notify, whether to involve national cyber authorities, how to characterize the incident under NIS2 or the SEC Cyber Rule, whether your cyber insurance covers a nation-state event, and which remediation playbook to run.
NIS2 Article 23 requires notification within 72 hours of becoming aware of a significant incident. The SEC requires disclosure of material incidents within four business days. Neither framework pauses the clock while you determine whether your attacker is a criminal gang or a government intelligence service. You report with the information you have.
If you report the wrong threat actor because a false flag confused your attribution, you may need to issue a corrected disclosure. That is not a hypothetical edge case. It is the designed outcome of this attack technique. The confusion is the weapon.
Most IR plans address ransomware response. Most do not address the scenario where the ransomware is a deliberate misdirection by a state actor. That is a gap worth closing before an incident, not during one.
What Your Security Team Should Do Now
The MuddyWater campaign is not a reason to disable Teams or restrict all external federation. It is a reason to be deliberate about how federation is configured and monitored.
Audit your federation settings. Microsoft 365 allows granular control over which external tenants can initiate contact. Most organizations have not reviewed these settings since initial deployment. Open external federation with no allowlist is the equivalent of allowing unknown senders to appear in your internal email directory. It deserves the same scrutiny.
Add collaboration platforms to your monitoring scope. Teams and Slack generate logs. Those logs can be ingested into SIEM and analyzed for anomalies: first-time contact from external tenants, external users contacting multiple employees in a short window, links shared by external contacts before a relationship is established. This is not complex detection engineering. It is applying existing capabilities to a channel you have been ignoring.
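The three anomaly signals described above, worked through as an added example that is not from the original post or from Rapid7: a small Python detector run over constructed, normalized chat events. The event layout, the thresholds, and the tenant names are assumptions; real Teams audit records would first need to be mapped into this shape.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (illustrative, not real Teams audit output):
# (timestamp, external sender, internal recipient, message contains a link)
SAMPLE_EVENTS = [
    ("2026-02-10T09:00:00", "alice@partner.example", "bob@corp.example", False),
    ("2026-02-10T09:01:00", "helpdesk@it-support.example", "carol@corp.example", False),
    ("2026-02-10T09:03:00", "helpdesk@it-support.example", "dave@corp.example", True),
    ("2026-02-10T09:05:00", "helpdesk@it-support.example", "erin@corp.example", True),
    ("2026-02-10T09:30:00", "alice@partner.example", "bob@corp.example", False),
    ("2026-02-10T10:00:00", "alice@partner.example", "bob@corp.example", True),
]

INTERNAL_DOMAIN = "corp.example"       # hypothetical internal tenant
KNOWN_TENANTS = {"partner.example"}     # tenants already vetted or seen before
FANOUT_WINDOW = timedelta(minutes=10)  # window for the multi-employee signal
FANOUT_THRESHOLD = 3                   # distinct employees contacted in window
RELATIONSHIP_MIN_MSGS = 2              # prior messages before a link is expected

def detect(events, known_tenants=KNOWN_TENANTS):
    alerts = []                        # (signal, sender, detail) tuples
    seen_tenants = set(known_tenants)
    pair_history = defaultdict(int)    # (sender, recipient) -> prior messages
    recent = defaultdict(deque)        # sender -> (ts, recipient) inside window
    fanout_alerted = set()
    for ts_str, sender, rcpt, has_link in sorted(events):
        tenant = sender.split("@", 1)[1]
        if tenant == INTERNAL_DOMAIN:  # only external-to-internal traffic
            continue
        ts = datetime.fromisoformat(ts_str)
        # First message ever seen from this external tenant
        if tenant not in seen_tenants:
            seen_tenants.add(tenant)
            alerts.append(("first_contact_tenant", sender, rcpt))
        # Link shared before any back-and-forth with this employee
        if has_link and pair_history[(sender, rcpt)] < RELATIONSHIP_MIN_MSGS:
            alerts.append(("early_link", sender, rcpt))
        # One external user reaching many employees in a short window
        q = recent[sender]
        q.append((ts, rcpt))
        while ts - q[0][0] > FANOUT_WINDOW:
            q.popleft()
        distinct = {r for _, r in q}
        if len(distinct) >= FANOUT_THRESHOLD and sender not in fanout_alerted:
            fanout_alerted.add(sender)
            alerts.append(("fanout", sender, len(distinct)))
        pair_history[(sender, rcpt)] += 1
    return alerts
```

On the sample, the vetted partner tenant produces no alerts, while the unknown "helpdesk" sender trips all three signals within five minutes.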
Run a social engineering simulation on collaboration tools. If your phishing simulation program tests email only, you are measuring awareness against last year's attack vector. A Teams-based social engineering simulation will produce results that are uncomfortable but instructive. Most employees apply less skepticism to a Teams message than to an email from an unknown sender.
Update your IR playbook for false flag scenarios. The question is not just "what do we do when we are hit by ransomware." It is "what do we do when ransomware appears to be a distraction and the real objective was credential theft and persistence." Those are different response sequences, and conflating them costs time during the hours that matter most.
The Bigger Question: How Is Your Attack Surface Defined?
Most organizations define their external attack surface as the systems accessible from the internet: web applications, VPN endpoints, cloud storage, exposed APIs, email infrastructure. That definition was built when collaboration happened inside the office on internal tools.
The attack surface today includes every system through which an external party can reach an internal user. That is a different definition, and it includes collaboration platforms, credential exposure on dark web forums, leaked tokens in public repositories, and the digital identities your employees maintain across vendor portals and industry communities.
Organizations that map and monitor this broader surface find the exposure before attackers exploit it. They see leaked credentials before they are used. They identify anomalous external contact patterns before they result in compromise. They close the gaps that conventional perimeter scanning misses entirely.
The MuddyWater campaign is a case study in what happens when the attack surface definition is too narrow. The organization's controls were working. They were watching the wrong channels.
Five Questions to Bring to Your Security Team
If you are a board member or CEO reading this, these five questions will tell you where your organization stands.
1. Are Teams, Slack, and Zoom included in our attack surface assessment? If the answer is no or uncertain, you have a gap. These platforms now carry as much sensitive communication as email and are monitored far less.
2. Can we detect when an external user contacts multiple employees through Teams without a prior relationship? This is a basic anomaly signal. If the answer is no, you have no early warning for this attack pattern.
3. When did we last run a social engineering simulation using Teams or Slack? If it has never happened, you do not know your actual exposure. Phishing awareness trained on email does not transfer automatically to collaboration platforms.
4. What does our IR plan say when we cannot confirm attribution within the regulatory notification window? If there is no documented answer, the team will improvise under pressure. That is where false flag attacks do the most damage.
5. Does our cyber insurance cover nation-state incidents? Many policies contain war exclusions that insurers are increasingly applying to state-sponsored attacks. If your policy has not been reviewed recently, this is the right moment.
Frequently Asked Questions
Can Microsoft Teams be used for phishing attacks?
Yes. Microsoft 365 federation allows external users to initiate chats that appear inside an organization's Teams environment. Nation-state groups including MuddyWater have used this to impersonate IT support or vendor contacts and harvest credentials. Most organizations have no behavioral monitoring on Teams messaging, which makes it a lower-friction attack vector than email.
What is a false flag ransomware attack?
A false flag ransomware attack is when a threat actor deploys ransomware not as the primary objective, but to create confusion about who conducted the attack. MuddyWater deployed Chaos ransomware in early 2026 to make the campaign appear criminal rather than nation-state. This delays attribution, disrupts incident response, and can cause organizations to notify the wrong authorities and follow the wrong containment playbook.
Why are collaboration tools not included in most attack surface assessments?
Collaboration platforms were adopted as productivity tools and were not initially treated as security infrastructure. Most attack surface programs focus on internet-exposed systems: web apps, VPNs, cloud storage. Teams and Slack are external-facing by design but rarely appear in external exposure scans or behavioral monitoring programs. The result is a systematic blind spot that nation-state actors are actively exploiting.
What is the regulatory risk when attribution is unclear after a breach?
NIS2 Article 23 requires notification within 72 hours. The SEC Cyber Rule requires material incident disclosure within four business days. Both frameworks require organizations to characterize the incident in that window. A false flag attack is designed to make that characterization wrong. Organizations that report the wrong threat actor may need to issue corrected disclosures, which creates additional regulatory scrutiny.
How should a CISO respond to the MuddyWater Teams attack?
Four immediate steps: audit Microsoft 365 external federation settings; add Teams logs to SIEM with anomaly detection for external contact patterns; run a social engineering simulation targeting collaboration tools; and update the IR playbook to address false flag scenarios where ransomware is a distraction rather than the primary attack. The strategic step is to include collaboration platforms in the attack surface assessment on the same basis as any external-facing system.
Closing
The perimeter is not where you think it is. It includes every channel through which an external party can reach your people. Collaboration tools are that channel for most organizations today, and they are largely unmonitored.
Nation-state actors are patient. They look for the channel your controls are not watching. Right now, for most organizations, that channel is Teams.
The question is not whether your security stack is sophisticated enough. It is whether it is pointed at the right surface.
Written by
Asaf Levy
Cybersecurity expert with 30+ years of experience across enterprise CISO, CTO, and co-founder roles. Advises boards and security teams on attack surface management, threat exposure, and building security programs that account for how organizations actually communicate and operate.