Seedworm, a highly active threat group linked to the Iranian government, has been targeting organizations in the Middle East. Many of the attacks attributed to Seedworm have made use of the newly discovered malware known as PowGoop (Downloader.Covic). The overlap in targets led researchers at Symantec to look further and find a connection between the threat actor and the tool; Symantec states that it can link the group to the downloader only with medium confidence. Attacks were discovered in countries including Turkey, Kuwait, the United Arab Emirates, and Georgia. The espionage group uses its backdoor tools to steal credentials from organizations and creates tunnels back to its infrastructure using the open source tools Secure Sockets Funnel (SSF) and Chisel. Other research has shown a loose connection between the threat actor and the ransomware variant known as Thanos. Thanos is an aggressive ransomware that encrypts victim files and also attempts to overwrite the Master Boot Record (MBR) of the infected computer.
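The tunnelling tools named above, SSF and Chisel, are legitimate open source utilities, so the practical detection question for a defender is how to spot them in process-creation telemetry. The following hunt script is an added example, not part of Symantec's research or either project's code: it runs a few heuristic rules over constructed EDR-style JSON events. The events, host names, users and paths are all made up; the one real detail relied on is Chisel's client syntax, in which a remote argument prefixed `R:` requests a reverse tunnel from the server back to the client, which lets the rule fire even when the binary has been renamed.

```python
import json
import re

# Constructed EDR-style process-creation events, one JSON object per line.
# Hosts, users, paths and addresses are illustrative; none come from the campaign.
SAMPLE_EVENTS = r'''
{"host":"ws-17","user":"jdoe","image":"C:\\Users\\jdoe\\AppData\\Local\\Temp\\svc.exe","cmdline":"svc.exe client 203.0.113.10:443 R:socks"}
{"host":"srv-db2","user":"root","image":"/tmp/chisel","cmdline":"/tmp/chisel server --reverse --port 8080"}
{"host":"srv-web1","user":"www-data","image":"/opt/ssf/ssfc","cmdline":"/opt/ssf/ssfc -F 1080 203.0.113.20"}
{"host":"srv-web1","user":"admin","image":"/usr/bin/ssh","cmdline":"ssh -R 8080:localhost:80 bastion"}
{"host":"ws-17","user":"SYSTEM","image":"C:\\Windows\\System32\\svchost.exe","cmdline":"svchost.exe -k netsvcs"}
'''.strip().splitlines()

# Secure Sockets Funnel ships a client (ssfc) and a server (ssfd) binary.
SSF_BINARIES = {"ssfc", "ssfd"}

# Chisel reverse remotes look like "R:socks" or "R:[iface:]port:host:port".
# The digit-then-colon requirement keeps a Windows drive path such as R:\share
# from matching.
REVERSE_REMOTE = re.compile(r"^R:(socks|\S*\d+:\S+)$")


def image_basename(image: str) -> str:
    """Lower-cased file name of an image path, Windows or POSIX, minus any .exe."""
    name = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def classify(event: dict) -> list[str]:
    """Return the names of the heuristic rules this event matches."""
    name = image_basename(event.get("image", ""))
    argv = event.get("cmdline", "").split()
    hits = []
    # Rule 1: Chisel client syntax with a reverse remote, matched on arguments so
    # a renamed binary (svc.exe in the sample) is still caught.
    if "client" in argv and any(REVERSE_REMOTE.match(a) for a in argv):
        hits.append("chisel_reverse_tunnel_args")
    # Rule 2: the chisel binary by name, covering the listener half
    # ("server --reverse") that Rule 1 does not see.
    elif name == "chisel":
        hits.append("chisel_binary")
    # Rule 3: SSF client or server binary by name.
    if name in SSF_BINARIES:
        hits.append("ssf_binary")
    return hits


def hunt(lines) -> list[dict]:
    """Parse JSON event lines and return one finding per matched rule."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        for rule in classify(event):
            findings.append({
                "host": event["host"],
                "user": event["user"],
                "rule": rule,
                "cmdline": event["cmdline"],
            })
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f['rule']}] {f['host']} {f['user']}: {f['cmdline']}")
```

Run against the sample, the script flags the renamed Chisel client, the Chisel reverse-mode server and the SSF client, and stays quiet on the `ssh -R` and `svchost.exe` events. Name-based rules are easy to defeat, which is why the argument-based rule comes first; in production these would be one input to a triage queue alongside the credential-theft and outbound-connection signals the tunnels exist to support.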