State-backed hackers breach telcos with custom malware
"The Harvester group uses both custom malware and publicly available tools in its attacks, which began in June 2021, with the most recent activity seen in October 2021. Sectors targeted include telecommunications, government, and information technology," Symantec researchers said.
"The capabilities of the tools, their custom development, and the victims targeted, all suggest that Harvester is a nation-state-backed actor."
- Graphon - custom backdoor that uses Microsoft infrastructure for its C&C activity.
- Custom Downloader - uses Microsoft infrastructure for its C&C activity.
- Custom Screenshotter - periodically logs screenshots to a file.
The custom screenshot tool captures screenshots of the desktop and saves them to a password-protected ZIP archive, which is exfiltrated through Graphon.