State-backed hackers breach telcos with custom malware
"The Harvester group uses both custom malware and publicly available tools in its attacks, which began in June 2021, with the most recent activity seen in October 2021. Sectors targeted include telecommunications, government, and information technology," Symantec researchers said.
"The capabilities of the tools, their custom development, and the victims targeted, all suggest that Harvester is a nation-state-backed actor."
- Graphon - custom backdoor that uses Microsoft infrastructure for its C&C activity.
- Custom Downloader - uses Microsoft infrastructure for its C&C activity.
- Custom Screenshotter - periodically logs screenshots to a file.
The custom screenshot tool captures screenshots of the desktop and saves them to a password-protected ZIP archive, which is then exfiltrated through Graphon.