Symantec reports that it has uncovered extensive insights into a cyber threat actor it calls "Seedworm," which it says is behind operations that have gathered intelligence on targets spread primarily across the Middle East, but also in North America and Europe. The group conducts its operations using variants of the Powermud backdoor, a new backdoor (Backdoor.Powemuddy), custom tools for stealing passwords, creating reverse shells and escalating privileges, and the native Windows cabinet creation tool. Symantec believes Seedworm functions as a cyber espionage group that seeks actionable intelligence about targeted organizations and individuals that could benefit its sponsors. Government agencies and oil and gas production facilities are among Seedworm's most targeted groups. However, other critical infrastructure facilities, especially those in related and interdependent sectors, should take note of Seedworm's tactics, given the potential for this activity to spread elsewhere. Symantec's article includes information on Seedworm that network defenders can use to safeguard their systems. Symantec.