Security News > 2021 > October > State-backed hackers breach telcos with custom malware
"The Harvester group uses both custom malware and publicly available tools in its attacks, which began in June 2021, with the most recent activity seen in October 2021. Sectors targeted include telecommunications, government, and information technology," Symantec researchers said.
"The capabilities of the tools, their custom development, and the victims targeted, all suggest that Harvester is a nation-state-backed actor."
Graphon - custom backdoor that uses Microsoft infrastructure for its C&C activity.
Custom Downloader - uses Microsoft infrastructure for its C&C activity.
Custom Screenshotter - periodically logs screenshots to a file.
The custom screenshot tool captures photos from the desktop and saves them to a password-protected ZIP archive that is exfiltrated through Graphon.
News URL
Related news
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
- HPE investigates breach as hacker claims to steal source code (source)
- CISA: Hackers still exploiting older Ivanti bugs to breach networks (source)
- Hacker infects 18,000 "script kiddies" with fake malware builder (source)
- Hackers exploiting flaws in SimpleHelp RMM to breach networks (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- North Korean hackers spotted using ClickFix tactic to deliver malware (source)