Sunday, December 31, 2023

Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa

Seedworm, also known as Muddywater, is an Iranian espionage group that has been targeting organizations operating in the telecommunications sector in Egypt, Sudan, and Tanzania.

The group has been active since at least 2017 and is known for targeting organizations in the Middle East, with a strong focus on African organizations in recent campaigns. In November 2023, Seedworm used various tools in its attacks, including the MuddyC2Go infrastructure, PowerShell launcher, SimpleHelp remote access tool, and Venom Proxy.

Some key points about Seedworm and its attacks on telecom organizations include:

  • Seedworm has a history of targeting telecommunications organizations, a sector that is a consistent focus for many cyberespionage groups
  • The group's strong focus on African organizations in this campaign is notable, as it usually concentrates on organizations in the Middle East
  • The attackers used a variety of tools in the November 2023 campaign, including the MuddyC2Go infrastructure, a PowerShell launcher, the SimpleHelp remote access tool, and Venom Proxy
  • Symantec researchers have warned about Seedworm targeting telecoms organizations in North and East Africa

Organizations in the telecommunications sector should be aware of Seedworm's activities and take appropriate precautions to protect their networks and systems.

IoC


SHA256

  • 1a0827082d4b517b643c86ee678eaa53f85f1b33ad409a23c50164c3909fdaca
  • 3916ba913e4d9a46cfce437b18735bbb5cc119cc97970946a1ac4eab6ab39230
  • eac8e7989c676b9a894ef366357f1cf8e285abde083fbdf92b3619f707ce292f

REFERENCES

  • https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/iran-apt-seedworm-africa-telecoms
  • https://otx.alienvault.com/pulse/6581f2b87f29f4e500192412

TAGS

seedworm, simplehelp, powershell, muddyc2go, venom proxy, middle east, anydesk, muddywater, APT34
