Seedworm, a highly active threat group linked to the Iranian government, has been targeting organizations in the Middle East. Many of the attacks attributed to Seedworm have made use of a newly discovered downloader known as PowGoop (Downloader.Covic). The overlap in targets led researchers at Symantec to look further and find a connection between the threat actor and the tool; Symantec stated in its research that it can link the group to the downloader only with medium confidence. Attacks were discovered in countries including Turkey, Kuwait, the United Arab Emirates, and Georgia. The espionage group uses its backdoor tools to steal credentials from compromised organizations and creates tunnels back to its own infrastructure using the open source tools Secure Socket Funneling (SSF) and Chisel. Other research has shown a loose connection between the threat actor and the ransomware variant known as Thanos. Thanos is an aggressive ransomware that encrypts victim files and also attempts to overwrite the Master Boot Record (MBR) of the infected computer.
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.