Home Security New Hacking Cluster ‘Clasiopa’ Concentrating on Supplies Analysis Organizations in Asia

New Hacking Cluster ‘Clasiopa’ Concentrating on Supplies Analysis Organizations in Asia

by crpt os


Feb 23, 2023Ravie LakshmananMalware / Threat Intel

Materials research organizations in Asia have been targeted by a previously unknown threat actor using a distinct set of tools.

Symantec, by Broadcom Software, is tracking the cluster under the moniker Clasiopa. The origins of the hacking group and its affiliations are currently unknown, but there are hints that suggest the adversary could have ties to India.

This includes references to “SAPTARISHI-ATHARVAN-101” in a custom backdoor and the use of the password “iloveindea1998^_^” for a ZIP archive.

It’s worth noting that Saptarishi, meaning “Seven sages” in Sanskrit, refers to a group of seers who are revered in Hindu literature. Atharvan was an ancient Hindu priest and is believed to have co-authored one of the four Vedas, a collection of religious scriptures in Hinduism.

“While these details could suggest that the group is based in India, it is also quite likely that the information was planted as false flags, with the password in particular seeming to be an overly obvious clue,” Symantec said in a report shared with The Hacker News.

Also unclear is the exact means of initial access, although it’s suspected that the cyber incursions take advantage of brute-force attacks on internet-facing servers.

Some of the key hallmarks of the intrusions involve clearing system monitor (Sysmon) and event logs as well as the deployment of the multiple backdoors, such as Atharvan and a modified version of the open source Lilith RAT, to gather and exfiltrate sensitive information.

Atharvan is further capable of contacting a hard-coded command-and-control (C&C) server to retrieve files and run arbitrary executables on the infected host.

“The hard-coded C&C addresses seen in one of the samples analyzed to date was for Amazon AWS South Korea (Seoul) region, which is not a common location for C&C infrastructure,” the company pointed out.

The disclosure comes a day after the cybersecurity firm took the wraps off another hitherto undocumented threat group known as Hydrochasma that has been observed targeting shipping companies and medical laboratories in Asia.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex