Security News > 2021 > December > ‘Seedworm’ Attackers Target Telcos in Asia, Middle East

Attackers targeting telcos across the Middle East and Asia for the past six months are linked to Iranian state-sponsored hackers, according to researchers.

Though the identity of attackers also is unconfirmed, they potentially could be linked to the Iranian group Seedworm, aka MuddyWater or TEMP.Zagros, researchers said.

While there already has been threat activity from Iran against telcos in the Middle East and Asia-the Iranian Chafer APT, for example targeted a major Middle East telco in 2018-a Symantec spokesperson called the activity detailed in the report "a step up" in its focus and a potential harbinger of greater attacks to come.

Researchers broke down a specific attack against a telecom company in the Middle East that began in August.

"One feature of this attack against a telecoms organization is that the attackers may have attempted to pivot to other targets by connecting to the Exchange Web Services of other organizations, another telecoms operator and an electronic equipment company in the same region," they wrote.

Attackers demonstrated interest in using some compromised organizations as stepping stones or solely to target organizations other than the initial one to mount a supply-chain attack, researchers observed.

News URL

https://threatpost.com/seedworm-attackers-telcos-asia-middle-east/176992/