Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Cyber Security

    New Hacking Cluster ‘Clasiopa’ Targeting Materials Research Organizations in Asia

    justmattgBy justmattgFebruary 26, 2023No Comments2 Mins Read

    [ad_1]

    Feb 23, 2023Ravie LakshmananMalware / Threat Intel

    Hacking

    Materials research organizations in Asia have been targeted by a previously unknown threat actor using a distinct set of tools.

    Symantec, by Broadcom Software, is tracking the cluster under the moniker Clasiopa. The origins of the hacking group and its affiliations are currently unknown, but there are hints that suggest the adversary could have ties to India.

    This includes references to “SAPTARISHI-ATHARVAN-101” in a custom backdoor and the use of the password “iloveindea1998^_^” for a ZIP archive.

    It’s worth noting that Saptarishi, meaning “Seven sages” in Sanskrit, refers to a group of seers who are revered in Hindu literature. Atharvan was an ancient Hindu priest and is believed to have co-authored one of the four Vedas, a collection of religious scriptures in Hinduism.

    “While these details could suggest that the group is based in India, it is also quite likely that the information was planted as false flags, with the password in particular seeming to be an overly obvious clue,” Symantec said in a report shared with The Hacker News.

    Also unclear is the exact means of initial access, although it’s suspected that the cyber incursions take advantage of brute-force attacks on internet-facing servers.

    Some of the key hallmarks of the intrusions involve clearing system monitor (Sysmon) and event logs as well as the deployment of the multiple backdoors, such as Atharvan and a modified version of the open source Lilith RAT, to gather and exfiltrate sensitive information.

    Atharvan is further capable of contacting a hard-coded command-and-control (C&C) server to retrieve files and run arbitrary executables on the infected host.

    “The hard-coded C&C addresses seen in one of the samples analyzed to date was for Amazon AWS South Korea (Seoul) region, which is not a common location for C&C infrastructure,” Symantec pointed out.

    Judging by its tools and tactics, the group’s chief motive appears to be achieving persistent access to victim machines without being detected and carrying out information theft.

    The disclosure comes a day after the cybersecurity firm took the wraps off another hitherto undocumented threat group known as Hydrochasma that has been observed targeting shipping companies and medical laboratories in Asia.

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.



    [ad_2]

    Source link

    Previous ArticleThe Secret Vulnerability Finance Execs are Missing
    Next Article Lazarus Group Likely Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑