Seedworm: Iranian APT on Networks of U.S. Bank, Airport, Software Company
ID: 0114d91b-c80c-5e20-859b-be01565e45e8
STIX ID: report--0114d91b-c80c-5e20-859b-be01565e45e8
Feed Name: security.com
This intelligence brief reports activity by the Iranian APT Seedworm since February 2026 against multiple U.S. and Israeli-linked organizations. It documents two backdoors signed with reused certificates (Dindoor, a Deno-based loader, and Fakeset, a Python backdoor), an attempted Rclone exfiltration to Wasabi, associated IOCs (hashes and domains), related actor profiles, and recommended defensive measures for detection and resilience.
