Symantec reports it has uncovered extensive insights into a cyber threat actor it calls “Seedworm,” which it says is behind operations that have gathered intelligence on targets spread primarily across the Middle East but also in North America and Europe. It conducts its operations using variants of the Powermud backdoor, a new backdoor (Backdoor.Powemuddy), and custom tools for stealing passwords, creating reverse shells, and escalating privileges, along with the native Windows cabinet creation tool. Symantec believes Seedworm functions as a cyber espionage group that seeks actionable intelligence about targeted organizations and individuals that could benefit its sponsors. Government agencies and oil and gas production facilities are among Seedworm’s most targeted groups. However, other critical infrastructure facilities, especially those in related and interdependent sectors, should take note of Seedworm’s tactics given the potential for this activity to spread elsewhere. Symantec’s article includes information on Seedworm that network defenders can use to safeguard their systems. Symantec.
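The summary notes that the group makes use of the native Windows cabinet creation tool, which on Windows is makecab.exe. As an added illustration for defenders (this is example code written for this page, not Symantec's tooling or anything from its report), the script below runs a simple hunt over constructed process-creation events and flags makecab.exe when it is launched from a scripting host or command shell, where its appearance is unusual on a typical workstation. The log format, field names, host names and the list of suspicious parent processes are assumptions chosen for this example and should be adapted to the telemetry actually available (e.g. Sysmon Event ID 1 or EDR process events).

```python
"""
Added example for this page (not Symantec's code): hunt process-creation
events for the native Windows cabinet tool (makecab.exe) being launched by
a shell or scripting host. Log format and sample data are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Native Windows cabinet creation tool referred to in the summary.
CAB_TOOL = "makecab.exe"

# Parents from which makecab.exe is unusual on an ordinary workstation.
# This list is an assumption for the example; tune it for your environment.
SUSPICIOUS_PARENTS = {
    "powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe",
}

# Assumed line format: <timestamp> host=<name> parent="<path>" image="<path>" cmdline="<args>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) parent="(?P<parent>[^"]*)" '
    r'image="(?P<image>[^"]*)" cmdline="(?P<cmdline>[^"]*)"$'
)


@dataclass
class ProcEvent:
    ts: str
    host: str
    parent: str
    image: str
    cmdline: str


def parse_line(line: str) -> Optional[ProcEvent]:
    """Parse one constructed-format event line; return None if malformed."""
    m = LINE_RE.match(line.strip())
    return ProcEvent(**m.groupdict()) if m else None


def basename(path: str) -> str:
    """Case-insensitive file name from a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_suspicious_cab_use(ev: ProcEvent) -> bool:
    """True when makecab.exe is spawned by a shell or scripting host."""
    return basename(ev.image) == CAB_TOOL and basename(ev.parent) in SUSPICIOUS_PARENTS


def hunt(lines: List[str]) -> List[ProcEvent]:
    """Return the events that match the makecab.exe heuristic."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is not None and is_suspicious_cab_use(ev):
            hits.append(ev)
    return hits


def describe(ev: ProcEvent) -> str:
    """One-line finding suitable for a ticket or alert body."""
    return (f"{ev.ts} {ev.host}: {basename(ev.parent)} launched {CAB_TOOL} "
            f"({ev.cmdline})")


# Constructed sample events: one benign installer use, one shell-spawned use,
# one unrelated PowerShell event and one malformed line.
SAMPLE_LOG = [
    r'2025-01-23T09:58:40Z host=WS-0002 parent="C:\Windows\System32\msiexec.exe" '
    r'image="C:\Windows\System32\makecab.exe" cmdline="makecab.exe /F C:\Temp\setup.ddf"',
    r'2025-01-23T10:02:11Z host=WS-0001 parent="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" '
    r'image="C:\Windows\System32\makecab.exe" '
    r'cmdline="makecab.exe C:\Users\a\AppData\Local\Temp\stage.txt C:\Users\a\AppData\Local\Temp\stage.cab"',
    r'2025-01-23T10:02:13Z host=WS-0001 parent="C:\Windows\explorer.exe" '
    r'image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" cmdline="powershell.exe -File C:\Scripts\backup.ps1"',
    "this line is not an event",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(describe(hit))
```

Only the shell-spawned event is reported; the installer-driven use of makecab.exe is left alone because the heuristic keys on the parent process rather than on the tool itself. In production the parent list and any path allow-list should be derived from a baseline of normal activity on the fleet.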