Threats Feed | Seedworm | Last Updated: 25/07/2024 | Author: Certfa Radar | Publish Date: 14/12/2021

Seedworm Group Suspected in Sweeping Espionage Campaign Across Telecom and IT Services

  • Actor Motivations: Espionage
  • Attack Vectors: Malware, Supply Chain Compromise
  • Attack Complexity: High
  • Threat Risk: High Impact/High Probability

Threat Overview

An espionage campaign tentatively linked to the Iranian-backed Seedworm group has been using compromised organizations as stepping stones to additional victims; some targets appear to have been compromised solely to stage supply-chain-style attacks on other organizations. The attackers relied primarily on legitimate tools, publicly available malware, and living-off-the-land techniques, and showed a marked interest in Exchange Servers. While the ultimate goal remains unknown, the focus on telecom operators suggests the attackers are gathering intelligence on the sector and may be positioning for communications surveillance.

Detected Targets

Type   | Description            | Confidence
-------|------------------------|-----------
Sector | Information Technology | Verified
Sector | Telecommunication      | Verified
Sector | Utilities              | Verified
Region | Israel                 | Verified
Region | Jordan                 | Verified
Region | Kuwait                 | Verified
Region | Laos                   | Verified
Region | Pakistan               | Verified
Region | Saudi Arabia           | Verified
Region | Thailand               | Verified
Region | United Arab Emirates   | Verified
Region | Middle East Countries  | High

Extracted IOCs


Tip: 17 related IOCs (0 IP, 0 domain, 0 URL, 0 email, 17 file hash) to this threat have been found.

Overlaps

[MuddyWater] MuddyWater Espionage Campaign: A Deep Dive into Malware and Tactics

Source: Picus Security - March 2022

Detection (one case): ccdddd1ebf3c5de2e68b4dcb8fbc7d4ed32e8f39f6fdf71ac022a7b4d0aa4131

[MuddyWater] MuddyWater Expands Its Reach: A Deep Dive into the Earth Vetala Intrusion

Source: Trend Micro - March 2021

Detection (two cases): 61f83466b512eb12fc82441259a5205f076254546a7726a2e3e983011898e4e2, ccdddd1ebf3c5de2e68b4dcb8fbc7d4ed32e8f39f6fdf71ac022a7b4d0aa4131

Hint: Overlaps are extracted automatically by examining the IOCs associated with all indexed threats and actors.