US cybersecurity software company Symantec has identified a new hacking group, named ‘Seedworm’ or ‘Muddywater’, which has made the telecommunications and IT services sectors its main cyber attack targets over the past few months. The company found in its research that the group was behind recent attacks launched on Pakistan, Turkey, Russia, Saudi Arabia, Afghanistan, Jordan and some parts of Europe and North America.
Researchers from Symantec say that the group aims to gather intelligence via cyber attacks and is likely operating from the Middle East, most probably Iran. The investigation further indicates that the hacking group is funded by a nation-state and has been in operation since 2017.
Symantec’s DeepSight Managed Adversary and Threat Intelligence (MATI) team says that the group has been storing launch scripts and other data in GitHub repositories and has a list of companies to be targeted in 2019.
Sources speaking to Cybersecurity Insiders on condition of anonymity say that Seedworm has links to Russia’s GRU-funded espionage group APT28, or Fancy Bear, and has so far launched several attacks on firms operating in the West, including a Brazil-based embassy for oil production.
Symantec’s study says that the group works by first accessing victims’ email and social media accounts, analyzing the data posted on those accounts, and then launching attacks accordingly.
“It’s not that easy to detect the intrusions of Muddywater as they masquerade their whereabouts by continuously updating their Powermud backdoor and other tools. And our research has found that the hacking group has attained success in compromising over 131 victims from late Sept to mid-November 2018. First, their targets were companies from telecom and IT sectors and then they shifted their focus to oil and gas refineries, followed by universities and embassies,” say researchers from the Mountain View-based company.