‘Seedworm’ Attackers Target Telcos in Asia, Middle East

The focused attacks aimed at cyberespionage and lateral movement appear to hint at further ambitions by the group, including supply-chain threats.

Attackers targeting telcos across the Middle East and Asia for the past six months are linked to Iranian state-sponsored hackers, according to researchers. The cyberespionage campaigns leverage a potent cocktail of spear phishing, known malware and legitimate network utilities that are leveraged to steal data and potentially disrupt supply-chains.

Researchers outlined their findings on Tuesday in a report that says attacks are targeting a number of IT services organizations and a utility company. Although the initial attack vector is as yet unclear, threat actors appear to gain entry to networks using spear-phishing and then steal credentials to move laterally, according to the report published by Symantec Threat Hunter Team, a division of Broadcom.
“Organizations in Israel, Jordan, Kuwait, Saudi Arabia, the United Arab Emirates, Pakistan, Thailand and Laos were targeted in the campaign, which appears to have made no use of custom malware and instead relied on a mixture of legitimate tools, publicly available malware, and living-off-the-land tactics,” researchers wrote in the report.

Though the identity of attackers also is unconfirmed, they potentially could

Read More: https://threatpost.com/seedworm-attackers-telcos-asia-middle-east/176992/