State-backed hackers breach telcos with custom malware (Security News, October 2021)
"The Harvester group uses both custom malware and publicly available tools in its attacks, which began in June 2021, with the most recent activity seen in October 2021. Sectors targeted include telecommunications, government, and information technology," Symantec researchers said.
"The capabilities of the tools, their custom development, and the victims targeted, all suggest that Harvester is a nation-state-backed actor."
- Graphon: custom backdoor that uses Microsoft infrastructure for its C&C activity.
- Custom Downloader: uses Microsoft infrastructure for its C&C activity.
- Custom Screenshotter: periodically logs screenshots to a file.
The custom screenshot tool captures screenshots of the desktop and saves them to a password-protected ZIP archive that is exfiltrated through Graphon.