In a report released Monday, Symantec said that cyber espionage group Seedworm is increasing the rate of its attacks, having hit 130 victims in 30 organizations since September 2018. The group, which is also known as MuddyWater, uses cyberattacks to gather intelligence on targets primarily located in the Middle East, though it has gone after individuals and organizations in North America and Europe. According to Symantec’s research, Seedworm primarily attacks companies and organizations involved in the telecommunications, IT services, and oil and gas sectors, as well as government agencies. The vast majority of its victims are in the Middle East, though it has attacked companies and organizations in the United States, Russia, and the Netherlands. According to Symantec the group uses a variant of the Powermud backdoor (Backdoor.Powermuddy) and open source custom tools to steal passwords saved in users’ web browsers and email as well as obtain Windows authorization credentials.
