Symantec researchers have uncovered extensive insights into a cyber espionage group behind a recent series of cyber attacks designed to gather intelligence on targets spread primarily across the Middle East as well as in Europe and North America.
The group, which we call Seedworm (aka MuddyWater), has been operating since at least 2017, with its most recent activity observed in December 2018.
Analysts in our DeepSight Managed Adversary and Threat Intelligence (MATI) team have found a new backdoor, Backdoor.Powemuddy; new variants of Seedworm’s Powermud backdoor (aka POWERSTATS); a GitHub repository used by the group to store its scripts; and several post-compromise tools the group uses to exploit victims once it has established a foothold in their network.