Seedworm hit 130 organisations from IT and gas-oil sectors in the Middle East, Russia, and Europe

Symantec published a report revealing the details on the cyber espionage group named Seedworm acting in 2017-2018 to gather intelligence on targets in telecom and IT services that opened access to the oil and gas sector mainly in Pakistan and Turkey. Seedworm also affected Russia (11 victims belongs to one Russian firm), Saudi Arabia, Afghanistan, Jordan, and organisations in Europe and North America that have ties to the Middle East.

The group used GitHub to store the malware and exploit several publicly available open-source tools like LaZagne and Crackmapexec which they customised to carry out their attacks.