National Cyber Warfare Foundation (NCWF)

Seedworm


2024-06-18 15:21:31
blscott

Seedworm is an alternate name for the group known as MuddyWater.

Seedworm is an advanced persistent threat (APT) that has been active since at least 2017 and targets organizations in various industries, including government agencies, defense contractors, and telecommunications companies. It is believed to be linked to the Chinese military intelligence unit known as Unit 61398. Seedworm uses a variety of tactics, techniques, and procedures (TTPs) to gain access to its targets' networks, including spear-phishing emails, watering hole attacks, and exploiting vulnerabilities in software. Once inside the network, it can steal sensitive information or install backdoors for future use. Seedworm is considered a high-level threat due to its sophistication and potential impact on national security.

Techniques, tactics and practices:

Seedworm uses a variety of TTPs to gain access to its targets' networks, including spear-phishing emails that contain malicious attachments or links. Once clicked, the attachment or link downloads and installs malware on the victim's device. Seedworm also employs watering hole attacks by compromising legitimate websites frequented by target organizations to deliver malware through drive-by downloads. Additionally, it exploits vulnerabilities in software such as Adobe Flash Player or Microsoft Office to gain access to networks and steal sensitive information. Overall, Seedworm is a highly sophisticated APT that employs multiple tactics to achieve its objectives of espionage and data theft.





