
"The Harvester group uses both custom malware and publicly available tools in its attacks, which began in June 2021, with the most recent activity seen in October 2021. Sectors targeted include telecommunications, government, and information technology," Symantec researchers said.
"The capabilities of the tools, their custom development, and the victims targeted, all suggest that Harvester is a nation-state-backed actor."
- Graphon - custom backdoor that uses Microsoft infrastructure for its C&C activity.
- Custom Downloader - uses Microsoft infrastructure for its C&C activity.
- Custom Screenshotter - periodically logs screenshots to a file.
The custom screenshot tool captures images of the desktop and saves them to a password-protected ZIP archive, which is then exfiltrated through Graphon.