In the part of their attacks on companies and government agencies in the broader Middle East region, an Iranian cyberattack group has begun utilizing new tools, including a custom download utility and commodity ransomware, as per Broadcom's Symantec division.
Dubbed as Seedworm, the group gives off an impression of being deploying a few variations of a new downloader, known as PowGoop, to the recent targets.
The utilization of the noxious program doesn't demonstrate a shift to ransomware-based cybercrime for the group, yet rather a reception of a more extensive variety of strategies for countering defensive measures.
The software downloads and decrypts 'obfuscated' PowerShell scripts to run on compromised frameworks, utilizing the basic utility as an approach to execute code.
The researchers additionally state that the group is sending ransomware, known as Thanos, which previously appeared available to be purchased not long ago and gives off an impression of being utilized by Seedworm for its 'destructive capacities'.
"Looking at Seedworm's history, it is apparent they've been focused on Middle East-based government organizations for years," "We don't believe that they are directly focused on monetary gain. From our standpoint, the Thanos victim organizations [represent] very few [targets] — just a handful at the most," says Vikram Thakur, Symantec's technical director.
The researchers were moderately sure, nonetheless, in ascribing PowGoop to the Iranian state actor.
"Seedworm has been one of the most active Iran-linked groups in recent months, mounting apparent intelligence-gathering operations across the Middle East," Symantec researchers stated in their analysis.
"While the connection between PowGoop and Seedworm remains tentative, it may ..
Support the originator by clicking the read the rest link below.
