State-backed hackers breach telcos with custom malware
2021-10-18 17:28

"The Harvester group uses both custom malware and publicly available tools in its attacks, which began in June 2021, with the most recent activity seen in October 2021. Sectors targeted include telecommunications, government, and information technology," Symantec researchers said.

"The capabilities of the tools, their custom development, and the victims targeted, all suggest that Harvester is a nation-state-backed actor."

Graphon - custom backdoor that uses Microsoft infrastructure for its C&C activity.

Custom Downloader - uses Microsoft infrastructure for its C&C activity.

Custom Screenshotter - periodically logs screenshots to a file.

The custom screenshot tool captures screenshots of the desktop and saves them to a password-protected ZIP archive, which is then exfiltrated through Graphon.


News URL

https://www.bleepingcomputer.com/news/security/state-backed-hackers-breach-telcos-with-custom-malware/