Symantec has found that a new cyber espionage group called Seedworm has launched cyber attacks on dozens of government agencies, telecommunications companies, multinational organizations, oil and gas firms and other institutions worldwide since late September.
Seedworm, also known as Zagros or MuddyWater, collects intelligence data on targets across the Middle East and uses a new backdoor to compromise systems, Symantec said Tuesday.
The attackers appear to employ open-source tools to obtain Windows authentication credentials, and deploy a tool that steals passwords saved in users' email clients and web browsers in order to gather actionable data.
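The browser password theft described above leaves a simple behavioural trace a defender can look for: a process that is not the browser itself reading the browser's credential store. The following detector is an added example, not code from Symantec's report or from the Seedworm toolset; it assumes a hypothetical file-access log format (`user=... process="..." op=... path="..."`), while the credential store file names it matches ("Login Data" for Chromium-based browsers, `logins.json` and `key4.db` for Firefox) are the real ones. The sample log lines are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Credential-store file names of common browsers (real file names; the
# Chromium store is a SQLite file literally named "Login Data").
CREDENTIAL_STORES = {
    "login data": "Chromium-based browser saved passwords",
    "logins.json": "Firefox saved logins",
    "key4.db": "Firefox key database (decrypts logins.json)",
}

# Processes that legitimately open their own stores; anything else reading
# one of these files is worth an analyst's attention.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe"}

# Assumed (constructed) file-access log format:
#   user=<domain\user> process="<exe path>" op=<READ|WRITE> path="<file path>"
LINE_RE = re.compile(
    r'user=(?P<user>\S+)\s+process="(?P<proc>[^"]+)"\s+op=(?P<op>\S+)\s+path="(?P<path>[^"]+)"'
)


@dataclass
class Alert:
    process: str   # image name of the reader, e.g. python.exe
    user: str
    path: str      # credential store that was read
    store: str     # human-readable description of the store


def basename(path: str) -> str:
    """Return the final path component, accepting both \\ and / separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line into its fields, or None if it does not match."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def detect_credential_store_reads(lines: List[str]) -> List[Alert]:
    """Flag reads of browser credential stores by non-browser processes."""
    alerts: List[Alert] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["op"].upper() != "READ":
            continue  # malformed line, or not a read
        store = CREDENTIAL_STORES.get(basename(ev["path"]).lower())
        if store is None:
            continue  # not a credential store
        proc = basename(ev["proc"]).lower()
        if proc in BROWSER_PROCESSES:
            continue  # the browser reading its own store is expected
        alerts.append(Alert(proc, ev["user"], ev["path"], store))
    return alerts


# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = [
    r'user=corp\jdoe process="C:\Program Files\Google\Chrome\Application\chrome.exe" op=READ path="C:\Users\jdoe\AppData\Local\Google\Chrome\User Data\Default\Login Data"',
    r'user=corp\jdoe process="C:\Users\jdoe\AppData\Local\Temp\python.exe" op=READ path="C:\Users\jdoe\AppData\Local\Google\Chrome\User Data\Default\Login Data"',
    r'user=corp\jdoe process="C:\Program Files\Mozilla Firefox\firefox.exe" op=READ path="C:\Users\jdoe\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"',
    r'user=corp\jdoe process="C:\Users\jdoe\AppData\Local\Temp\harvest.exe" op=READ path="C:\Users\jdoe\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\key4.db"',
    r'user=corp\jdoe process="C:\Windows\System32\notepad.exe" op=READ path="C:\Users\jdoe\Documents\report.txt"',
    "garbage line that does not match the expected format",
]

if __name__ == "__main__":
    for a in detect_credential_store_reads(SAMPLE_LOG):
        print(f"ALERT {a.user}: {a.process} read {a.store} at {a.path}")
```

On the constructed sample the detector raises two alerts (the `python.exe` read of the Chromium store and the `harvest.exe` read of `key4.db`) and stays silent for the browsers reading their own files. In a real deployment the allow-list of browser processes should be keyed on signed image path rather than bare file name, since a harvester can trivially be renamed `chrome.exe`.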
Researchers from Symantec's DeepSight Managed Adversary and Threat Intelligence team also found that the group uses GitHub, customizes publicly available tools to launch attacks, and has updated its backdoor since last year to evade detection.