trending:

sponsored:

Just In

More News Load more
Cybersecurity

Security firm: Cyber espionage group Seedworm escalating attacks

by Olivia Beavers - 12/10/18 6:00 PM ET
by Olivia Beavers - 12/10/18 6:00 PM ET

A cyber espionage group called Seedworm is escalating its malicious web activities, hitting a variety of targets including government organizations and telecommunications companies over the past couple months, a security firm said Monday.

Symantec researchers said Seedworm has infiltrated more than 30 organizations since late September, with the targets predominately based in Pakistan and Turkey, but also in Saudi Arabia, Russia, Afghanistan and Jordan. Companies based in Europe and the U.S. with ties to the Middle East were also hit.

{mosads}”The telecommunications and IT services sectors were the main targets. Entities in these sectors are often ‘enabling victims’ as telecommunications providers or IT services agencies and vendors could provide Seedworm actors with further victims to compromise,” the report says, noting the second most hit group were companies in the oil and gas sector.

Seedworm uses — and continues to update — a custom tool known as Powermud backdoor, which allows the group to evade detection in the computer systems they hack. Symantec said Seedworm is the only group known to use this backdoor. 

“After compromising a system, typically by installing Powermud or Powemuddy, Seedworm first
runs a tool that steals passwords saved in users’ web browsers and email, demonstrating that
access to the victim’s email, social media, and chat accounts is one of their likely goals,” the report reads.

In addition to discovering the new tool, the security firm say it has gained “extensive insights” into the group’s activity by uncovering the Github repository where the group has stored their malicious scripts as well as post-compromise tools it uses on its victims after compromising their systems.

Symantec researchers described Seedworm, which is also known as MuddWater or Zagos, as a sophisticated group that continuously shifts its tactics, making it hard to track.

“Choosing to rely on publicly available tools allows Seedworm to quickly update their operations
by using code written by others and applying only small customizations. And they appear to
adopt some of the most effective and capable tools,” the firm found.

Tags

Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. Regular the hill posts

Main Area Top ↴

Video/Hill.TV

See all Hill.TV

See all Video

See all Hill.TV See all Video
Main Area Bottom ↴

Testing Video

ASR RAW Boys Lacrosse: Coronado 8, Poway 6

ASR RAW Boys Lacrosse: Coronado 8, Poway 6
ASR RAW Girls Lacrosse: Coronado 15, Cathedral ...
Former Torrey Pines teammates take home another NCAA ...
Boys Lacrosse: Torrey Pines 11, Bishop's 9
More Videos

Top Stories

See All

See All
Sidebar Top ↴

Most Popular

  1. Marjorie Taylor Greene stumps for Steve Bannon as he reports to prison
  2. Housing costs have nearly doubled in swing states since 2020
  3. Potential cause of lupus may be identified: Study
  4. Evictions rising across Southwest, dropping in Northeast: Data
Load more
Sidebar Middle ↴

The Hill Podcasts

Sidebar Middle ↴

People – Custom HTML – Sidebar Bottom – Any Person

SIDEBAR BOTTOM
Read next >
Read next >
Next
Read next >
Next story in
Read next >
Next story in