Seedworm

description
The iranian actor Seedworm hacked various firms, primarily related to telecommunication with the goal of datatheft. The exact origin of this group remains unknown
sources attribution
Not available
sources politicalization
Not available
start
01.09.2018
end
30.11.2018
source incident detection disclosure
Incident disclosed by IT-security company
receiver
label:
Not available
category:
State institutions / political system
Government / ministries
Critical infrastructure
Telecommunications
Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)
country:
Pakistan
label:
Not available
category:
State institutions / political system
Government / ministries
Critical infrastructure
Telecommunications
Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)
country:
Turkey
label:
Not available
category:
State institutions / political system
Government / ministries
Critical infrastructure
Telecommunications
Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)
country:
Russia
label:
Not available
category:
State institutions / political system
Government / ministries
Critical infrastructure
Telecommunications
Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)
country:
Saudi Arabia
inclusion criteria
Attack on (inter alia) political target(s), not politicized
articles
Seedworm: Group Compromises Government Agencies, Oil & Gas, NGOs, Telecoms, and IT Firms
'Highly Active' Seedworm Group Hits IT Services, Governments
added to database
15.08.2022
articles
Not available
attribution date
2018
attribution basis
IT-security community attributes attacker
attributing country
Not available
attributing actors
Not available
attribution type
Technical report (e.g., by IT-companies, Citizen Lab, EFF)
initiators
label:
MuddyWater/TEMP.Zagros/MERCURY/Static Kitten/Seedworm/G0069
category:
Non-state actor, state-affiliation suggested
Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)
countries:
Iran, Islamic Republic of
legal attribution references
Not available
Incident/Operation Type
Data theft
Hijacking with Misuse
data theft
For private / commercial targets: non-sensitive information (incident scores 1 point in intensity)
disruption
none
hijacking
Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)
Physical Effects (temporal)
none
Physical Effects (spatial)
none
unweighted cyber intensity
3
Target / Effect Multiplier
Moderate - high political importance
weighted cyber intensity
Low / moderate intensity - 3
MITRE: Initial Access
Not available
MITRE: Impact
Not available
Common Vulnerability Scoring System: User Interaction
Not available
Zero Day
No
cyber conflict issue
Unknown
offline conflict issue
Unknown
offline conflict intensity
Unknown
casualties
No casualties as a direct result of the cyber incident
political response
Not available
state responsibility indicator
Not available
il breach indicator
Not available
response indicator
Not available
Evidence for Sanctions Indicator
Not available
legal response
Not available
impact indicator
Not available