Use of legitimate tools possibly linked to Seedworm.

Show Notes

Guest Sylvester Segura from the Symantec Threat Hunter Team joins Dave to discuss their team's work on "Espionage Campaign Targets Telecoms Organizations across Middle East and Asia." Attackers most likely linked to Iran have attacked a string of telecoms operators in the Middle East and Asia over the past six months, in addition to a number of IT services organizations and a utility company.

Organizations in Israel, Jordan, Kuwait, Saudi Arabia, the United Arab Emirates, Pakistan, Thailand, and Laos were targeted in the campaign, which appears to have made no use of custom malware and instead relied on a mixture of legitimate tools, publicly available malware, and living-off-the-land tactics. While the identity of the attackers remains unconfirmed, there is some evidence to suggest a link to the Iranian Seedworm (aka MuddyWater) group. The targeting and tactics are consistent with Iranian-sponsored actors.

The research can be found here:

Espionage Campaign Targets Telecoms Organizations across Middle East and Asia

HOST(S):

Dave Bittner is a security podcast host and one of the founders at CyberWire. He's a creator, producer, videographer, actor, experimenter, and entrepreneur. He's had a long career in the worlds of television, journalism and media production, and is one of the pioneers of non-linear editing and digital storytelling.

Schedule: Saturdays

Creator: CyberWire, Inc.