
MuddyWater Is Impersonating IT Support in Teams to Steal Credentials

· Infonaligy

The Iranian group MuddyWater is targeting U.S. businesses through fake IT support messages in Microsoft Teams. Here's how the attack works and how to stop it.


An employee gets a Microsoft Teams message from someone claiming to be IT support. The profile looks official, the language is professional, and the request sounds routine: “We need to run a quick diagnostic on your machine. Can you start a screen share?” The employee complies, grants access through Quick Assist, and within minutes an attacker has full control of their workstation, their credentials, and a foothold into your network.

This is the playbook behind an active campaign from MuddyWater (also known as Mango Sandstorm), an Iranian state-sponsored threat group tracked by Microsoft Threat Intelligence. The group is sending social engineering messages through Microsoft Teams to employees at U.S. businesses in construction, manufacturing, and business services, the exact verticals where Infonaligy works with clients daily.

How the Attack Works

The attack chain starts with an external Teams chat request. MuddyWater operatives create Microsoft 365 tenant accounts that look like legitimate IT support staff, then send messages to employees at target companies. Because the messages come through Teams rather than email, employees tend to trust them more. Teams feels like an internal tool, even when the message originates from outside the organization.

Once the attacker establishes a conversation, they convince the employee to open Microsoft Quick Assist, the remote assistance tool Microsoft ships with Windows, enter a session code the attacker provides, and approve the request for control. Quick Assist then lets the attacker see the employee’s screen and take control of their mouse and keyboard, all with the employee’s permission.

From there, the attack escalates quickly:

  • Credential harvesting. The attacker captures login credentials from the active session, including any saved passwords in browsers or cached authentication tokens.
  • Malware deployment. MuddyWater deploys multi-stage malware disguised as legitimate Microsoft WebView2 applications. Because WebView2 is a real Microsoft component used by many business apps, the malware blends in with normal software and evades basic detection tools.
  • Persistent access. The attacker installs AnyDesk and DWAgent, two legitimate remote access tools, to maintain access to the compromised machine even after the initial Quick Assist session ends. These tools run in the background and connect back to attacker-controlled infrastructure.
  • Data exfiltration and extortion. Once the attacker has persistent access, they move laterally through the network, steal sensitive data, and use it to extort the victim company.

The entire chain relies on one thing: an employee trusting a Teams message from someone they don’t know.

Why Teams Is an Attractive Attack Vector

Most businesses have invested heavily in email security. Spam filters, phishing detection, DMARC enforcement, and sandboxing catch the majority of malicious emails before they reach an inbox. Attackers know this, so they’re moving to channels with fewer controls.

Microsoft Teams is one of those channels. By default, Microsoft 365 tenants allow external users to send chat messages to anyone in your organization. That means an attacker who creates a plausible-looking Microsoft 365 account can message your employees directly, bypassing every email security tool you’ve deployed.

Employees also behave differently on Teams than they do with email. Years of security awareness training have taught people to be cautious with email attachments and links. But Teams feels like an internal communication tool, a place where colleagues ask questions and IT sends announcements. That perception gap is exactly what MuddyWater exploits.

This is the same dynamic we covered in our post on AI-powered social engineering: attackers succeed by showing up in trusted channels where employees let their guard down.

How to Protect Your Business

These defenses are concrete and implementable. Most can be in place within a week.

Restrict external Teams access. The single most effective control is turning off external chat in Microsoft Teams, or restricting it to an allow list of known partner domains. In the Microsoft Teams admin center, go to Users > External access and either block all external domains or allow only the specific domains your business communicates with. Also turn off the separate setting that lets people in your organization chat with Teams accounts that aren’t managed by an organization, because the domain list does not cover those personal accounts. Together these close the primary attack vector.
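The same change made from the MicrosoftTeams PowerShell module, as an added example that is not part of the original post. It assumes the module is installed, that you sign in with the Teams Administrator role, and that `partner-a.example` and `partner-b.example` stand in for your real partner tenants:

```powershell
# Added example (not from the original post). Requires the MicrosoftTeams module
# (Install-Module MicrosoftTeams) and a Teams Administrator sign-in.
Import-Module MicrosoftTeams
Connect-MicrosoftTeams

# Record the current state first so the change is reversible and auditable.
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains, BlockedDomains,
                  AllowTeamsConsumer, AllowTeamsConsumerInbound, AllowPublicUsers |
    Format-List

# Placeholder partner domains (assumption): replace with the tenants you really
# need to chat with. Anyone outside this list will be unable to start a chat.
$partnerDomains = 'partner-a.example', 'partner-b.example'

# Option A: allow list. Federation stays on, but only for the named domains.
$patterns  = $partnerDomains | ForEach-Object { New-CsEdgeDomainPattern -Domain $_ }
$allowList = New-CsEdgeAllowList -AllowedDomain $patterns
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true -AllowedDomains $allowList

# Option B: block every external domain. Use this instead of A if you have no partner tenants.
# Set-CsTenantFederationConfiguration -AllowFederatedUsers $false

# The domain list does not cover unmanaged (personal) Teams accounts or Skype
# consumer accounts. Those are separate switches and have to be turned off too.
Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false `
                                    -AllowTeamsConsumerInbound $false `
                                    -AllowPublicUsers $false

# Newer module versions also expose a switch for trial tenants, which attackers
# favour because they are free. Check it exists in your version before using it:
#   Get-Help Set-CsTenantFederationConfiguration -Parameter ExternalAccessWithTrialTenants
# Set-CsTenantFederationConfiguration -ExternalAccessWithTrialTenants Blocked

# Verify. Federation changes can take some time to propagate across the service.
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowedDomains, AllowTeamsConsumer,
                  AllowTeamsConsumerInbound, AllowPublicUsers
```

When an allow list is set, the blocked-domains list is ignored, so pick one model rather than mixing them. Test with a chat from a partner tenant and from a throwaway personal Teams account before you call the change done.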

Block or restrict Quick Assist. If your employees don’t need Quick Assist for their daily work, remove it or disable it through endpoint management policies (Intune, Group Policy, or your RMM tool). On current Windows builds Quick Assist is delivered as a Microsoft Store app, so removal only sticks if users can’t reinstall it from the Store; pair removal with an application control rule or a Store restriction. If your IT team does use Quick Assist for legitimate support, restrict who can install and run it to authorized support personnel only.

Control remote access tool installation. Create application control policies that prevent users from installing remote access tools like AnyDesk, DWAgent, TeamViewer, or similar software without IT approval. Attackers rely on these tools for persistence, and blocking unauthorized installations cuts off that path. Endpoint detection and response tools can flag and block these installations automatically.
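The two endpoint controls above (removing Quick Assist, and denying remote access tools by publisher with AppLocker) as one added example, not code from the original post. It assumes an elevated PowerShell session on a Windows endpoint (or your Intune/RMM script runner), an existing enforced AppLocker policy with allow rules, and that `C:\IR\samples\` holds copies of the binaries you want to fingerprint; the package, capability and file names are vendor defaults as of this writing and should be confirmed on one of your own machines:

```powershell
# Added example (not from the original post). Run elevated. Names below are
# assumptions based on vendor defaults; confirm with Get-AppxPackage and
# Get-WindowsCapability on a reference machine.

# --- 1. Remove Quick Assist ----------------------------------------------------
# Newer builds ship Quick Assist as a Store app, older ones as a Windows capability,
# so handle both. Removing the provisioned package stops new profiles getting it.
$quickAssistPkg = 'MicrosoftCorporationII.QuickAssist'
Get-AppxPackage -AllUsers -Name $quickAssistPkg -ErrorAction SilentlyContinue |
    Remove-AppxPackage -AllUsers
Get-AppxProvisionedPackage -Online |
    Where-Object DisplayName -eq $quickAssistPkg |
    Remove-AppxProvisionedPackage -Online | Out-Null
Get-WindowsCapability -Online |
    Where-Object { $_.Name -like 'App.Support.QuickAssist*' -and $_.State -eq 'Installed' } |
    ForEach-Object { Remove-WindowsCapability -Online -Name $_.Name | Out-Null }

# --- 2. Deny remote access tools with AppLocker publisher rules ----------------
# Publisher rules survive renaming the executable, which path rules do not.
# Feed real copies of the binaries so the signer string is exact; unsigned
# files fall back to a hash rule.
$samples  = 'C:\IR\samples\AnyDesk.exe', 'C:\IR\samples\dwagent.exe'   # assumption
$fileInfo = Get-AppLockerFileInformation -Path $samples
[xml]$policy = New-AppLockerPolicy -FileInformation $fileInfo -RuleType Publisher, Hash `
                   -User Everyone -RuleNamePrefix 'Deny RAT' -Xml

# New-AppLockerPolicy only generates Allow rules: flip them to Deny, and widen the
# publisher rules to the whole signer (any product, any binary, any version).
foreach ($rule in $policy.SelectNodes('//FilePublisherRule | //FileHashRule')) {
    $rule.Action = 'Deny'
    if ($rule.LocalName -eq 'FilePublisherRule') {
        $cond = $rule.Conditions.FilePublisherCondition
        $cond.ProductName = '*'
        $cond.BinaryName  = '*'
        $cond.BinaryVersionRange.LowSection  = '*'
        $cond.BinaryVersionRange.HighSection = '*'
    }
}
$denyPolicyPath = 'C:\IR\deny-remote-access-tools.xml'
$policy.Save($denyPolicyPath)

# Merge into the existing policy rather than replacing it. An Exe rule collection
# that contains only Deny rules blocks every executable once enforcement is on,
# so this must land next to your existing Allow rules. The generated policy
# leaves EnforcementMode as NotConfigured and so does not change enforcement.
Set-AppLockerPolicy -XmlPolicy $denyPolicyPath -Merge

# Prove the rules do what you expect before they reach users.
Test-AppLockerPolicy -XmlPolicy $denyPolicyPath -Path $samples -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule
```

AppLocker only enforces when the Application Identity service is running, and in an Intune-managed fleet you would push the saved XML through the AppLocker CSP rather than `Set-AppLockerPolicy` on each host. Because the deny rules key on the signer, they also catch renamed or relocated copies of the same tools, which is the case an attacker on a live Quick Assist session will try.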

Train employees to verify IT support requests through a second channel. If someone contacts an employee claiming to be IT support, the employee should verify the request by calling the help desk directly using a known phone number or messaging their manager through a separate channel. This out-of-band verification habit is the same defense that stops credential theft and business email compromise. Real IT support will never be offended by a verification request.

Monitor for indicators of compromise. If your business has a managed security provider or internal SOC, make sure they’re watching for:

  • Unexpected installations of AnyDesk, DWAgent, or other remote access tools
  • Quick Assist sessions initiated by non-IT users
  • Outbound connections to unfamiliar remote management infrastructure
  • New or unusual WebView2 application processes running on endpoints
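A point-in-time hunt for those four indicators on a single Windows endpoint, added here as an example that is not part of the original post. It assumes an elevated PowerShell session; the binary, service and directory names in `$ratPattern` and `$userWritable` are assumptions taken from vendor defaults, so extend them with what your EDR actually records in your environment:

```powershell
# Added example (not from the original post). Run elevated on a Windows host.
# Patterns are assumptions from vendor defaults; tune them to your environment.

# Remote access tools to look for: AnyDesk and DWAgent from the campaign, Quick
# Assist itself, and a few other commonly abused ones.
$ratPattern = 'anydesk|dwagent|dwagsvc|quickassist|teamviewer|screenconnect|rustdesk'

# Directories a legitimately installed program should not normally run from.
$userWritable = '\\AppData\\', '\\Temp\\', '\\Downloads\\', '\\ProgramData\\', '\\Public\\'

function Get-SignerInfo {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path $Path)) { return 'NoPath' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') { return "Unsigned/$($sig.Status)" }
    return $sig.SignerCertificate.Subject
}

function Find-RemoteAccessActivity {
    $findings = [System.Collections.Generic.List[object]]::new()
    $procs = Get-CimInstance Win32_Process        # exposes ParentProcessId, unlike Get-Process
    $byPid = @{}
    foreach ($p in $procs) { $byPid[$p.ProcessId] = $p }

    # 1. Remote access tool processes, with the account that launched them
    #    (a Quick Assist session under a non-IT account is the telltale sign).
    foreach ($p in $procs | Where-Object { $_.Name -match $ratPattern -or $_.ExecutablePath -match $ratPattern }) {
        $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
        $findings.Add([pscustomobject]@{
            Type   = 'Process'; Name = $p.Name
            Detail = "$($owner.Domain)\$($owner.User) pid=$($p.ProcessId) path=$($p.ExecutablePath)"
            Signer = Get-SignerInfo $p.ExecutablePath })
    }

    # 2. Services: AnyDesk and DWAgent register one to survive reboots.
    foreach ($s in Get-CimInstance Win32_Service | Where-Object { $_.Name -match $ratPattern -or $_.PathName -match $ratPattern }) {
        $findings.Add([pscustomobject]@{ Type = 'Service'; Name = $s.Name
                                         Detail = "$($s.State) $($s.PathName)"; Signer = '' })
    }

    # 3. Established connections owned by those processes: where are they calling home?
    $ratPids = ($procs | Where-Object { $_.Name -match $ratPattern }).ProcessId
    foreach ($c in Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
                   Where-Object { $_.OwningProcess -in $ratPids }) {
        $findings.Add([pscustomobject]@{ Type = 'Connection'; Name = $byPid[[uint32]$c.OwningProcess].Name
                                         Detail = "$($c.RemoteAddress):$($c.RemotePort)"; Signer = '' })
    }

    # 4. WebView2 look-alikes. The runtime (msedgewebview2.exe) is always spawned by a
    #    host application, so look at the host: a dropper posing as a WebView2 app is
    #    typically unsigned, or runs from a user-writable folder under a non-Microsoft
    #    signature. Treat these as items to review, not as verdicts.
    foreach ($wv in $procs | Where-Object { $_.Name -eq 'msedgewebview2.exe' }) {
        $parent = $byPid[$wv.ParentProcessId]
        if (-not $parent) { continue }
        $signer = Get-SignerInfo $parent.ExecutablePath
        $inUserDir = [bool]($userWritable | Where-Object { $parent.ExecutablePath -match $_ })
        $suspicious = ($signer -match '^Unsigned|^NoPath') -or
                      ($signer -notmatch 'Microsoft Corporation' -and $inUserDir)
        if ($suspicious) {
            $findings.Add([pscustomobject]@{ Type = 'WebView2Host'; Name = $parent.Name
                                             Detail = "pid=$($parent.ProcessId) path=$($parent.ExecutablePath)"
                                             Signer = $signer })
        }
    }
    return $findings
}

Find-RemoteAccessActivity | Format-Table -AutoSize
```

This is a snapshot, not continuous monitoring: a SOC would run the same logic as a scheduled EDR hunt or turn the patterns into detection rules on process-creation, service-install and network telemetry. The signer check matters more than the name match, since a renamed AnyDesk still carries the vendor’s signature.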

What to Do If an Employee Already Granted Access

If someone on your team already fell for this type of request, speed matters. Take these steps immediately:

  1. Disconnect the affected machine from the network. Pull the ethernet cable or disable Wi-Fi; if your EDR offers device isolation, use that instead so responders keep remote access to the host. Don’t shut it down yet, as forensic evidence (running processes, memory, active connections) may be needed.
  2. Reset the employee’s credentials. Change their password, revoke active sessions, and remove and re-register their MFA methods. Revoking sessions invalidates refresh tokens but not access tokens already issued, which can stay valid for up to about an hour, so keep watching sign-in logs for that window. Assume any credentials cached or visible during the session are compromised, and check whether the attacker registered new MFA methods or devices on the account.
  3. Scan for remote access tools. Check the affected machine for AnyDesk, DWAgent, Quick Assist sessions, and any unfamiliar software. Check other machines on the same network segment for lateral movement.
  4. Engage your security provider. If you have a managed security partner, loop them in immediately. If you don’t, this is the moment to call one. The difference between a contained incident and a full breach often comes down to how fast a professional response team gets involved.
  5. Notify your team. Let other employees know about the attack so they can report any similar messages they may have received and ignored.
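The identity side of steps 2 and 3, scripted with the Microsoft Graph PowerShell SDK, as an added example that is not part of the original post. It assumes the SDK is installed, that the operator holds roles able to reset passwords and manage authentication methods (for example Authentication Administrator together with User Administrator), and that `jane.doe@contoso.example` is a placeholder for the affected account:

```powershell
# Added example (not from the original post). Requires the Microsoft.Graph SDK
# (Install-Module Microsoft.Graph) and an operator with password-reset and
# authentication-method rights.
Import-Module Microsoft.Graph.Users, Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes 'User.ReadWrite.All', 'UserAuthenticationMethod.ReadWrite.All', 'Directory.AccessAsUser.All'

function Invoke-AccountContainment {
    param([Parameter(Mandatory)][string]$UserPrincipalName)

    $user = Get-MgUser -UserId $UserPrincipalName -Property Id, UserPrincipalName
    Write-Host "Containing $($user.UserPrincipalName) ($($user.Id))"

    # 1. Revoke refresh tokens and browser sessions. Access tokens already issued
    #    stay valid until they expire (about an hour), so keep watching the sign-in
    #    logs for that window rather than assuming the attacker is out.
    Revoke-MgUserSignInSession -UserId $user.Id | Out-Null

    # 2. Set a random temporary password and force a change at next sign-in.
    #    The trailing '!' guarantees a symbol so the tenant complexity rule is met.
    $bytes = [byte[]]::new(18)
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $tempPassword = [Convert]::ToBase64String($bytes) + '!'
    Update-MgUser -UserId $user.Id -PasswordProfile @{
        Password = $tempPassword; ForceChangePasswordNextSignIn = $true }
    # Hand $tempPassword to the employee over a verified channel, never over Teams.

    # 3. Strip registered MFA methods so the user has to re-register. Someone who
    #    held the session could have added their own Authenticator app or phone.
    Get-MgUserAuthenticationMicrosoftAuthenticatorMethod -UserId $user.Id | ForEach-Object {
        Remove-MgUserAuthenticationMicrosoftAuthenticatorMethod -UserId $user.Id `
            -MicrosoftAuthenticatorAuthenticationMethodId $_.Id
    }
    Get-MgUserAuthenticationPhoneMethod -UserId $user.Id | ForEach-Object {
        Remove-MgUserAuthenticationPhoneMethod -UserId $user.Id -PhoneAuthenticationMethodId $_.Id
    }
    # FIDO2 keys follow the same Get-/Remove-MgUserAuthenticationFido2Method pattern.

    # 4. Report what remains so a human reviews it: any device or method registered
    #    during the attacker's window is suspect. (AdditionalProperties key names are
    #    assumptions about the Graph device resource; inspect them if they come back empty.)
    Get-MgUserRegisteredDevice -UserId $user.Id -All | ForEach-Object {
        [pscustomobject]@{ Item = 'Device'
                           Name = $_.AdditionalProperties['displayName']
                           When = $_.AdditionalProperties['registrationDateTime'] }
    }
    Get-MgUserAuthenticationMethod -UserId $user.Id | ForEach-Object {
        [pscustomobject]@{ Item = 'AuthMethod'
                           Name = $_.AdditionalProperties['@odata.type']
                           When = $_.Id }
    }
}

Invoke-AccountContainment -UserPrincipalName 'jane.doe@contoso.example'   # placeholder account
```

Run this from a clean admin workstation, not from the compromised machine, and do it before the network disconnect if the two can’t happen at the same moment: the credentials and tokens leave the box long before the malware does.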

Lock This Down This Week

MuddyWater isn’t targeting Fortune 500 companies with this campaign. They’re going after businesses in construction, manufacturing, and business services, companies with 50 to 500 employees that rely on Microsoft 365 and don’t always have dedicated security teams reviewing every Teams message.

The fix starts with one configuration change: restrict external access in Microsoft Teams. Layer on application controls for remote access tools, update your team’s awareness training to include Teams-based social engineering scenarios, and make sure someone is actively monitoring your environment for the indicators described above.

Need Help Locking Down Microsoft Teams?

Our team can audit your Microsoft 365 configuration, restrict external access, and deploy endpoint policies to block unauthorized remote access tools.
