Fresh APT Harvester Reaps Telco, Government Data
2021-10-19 20:15

Harvester has invested in a range of tools for scything through organizations' defenses, Symantec found, including the "Graphon" custom backdoor.

"We do not know the initial infection vector that Harvester used to compromise victim networks, but the first evidence we found of Harvester activity on victim machines was a malicious URL," according to Symantec's writeup.

According to Symantec, it's compiled as a .NET PE DLL. When executed, it allows Harvester operators to run commands to control their input stream and capture the output and error streams.

In the Harvester implementation, it uses CloudFront infrastructure for its C2 activity.

"The capabilities of the tools, their custom development and the victims targeted, all suggest that Harvester is a nation-state-backed actor," according to the Monday posting from the firm.

"The activity carried out by Harvester makes it clear the purpose of this campaign is espionage, which is the typical motivation behind nation-state-backed activity."


News URL

https://threatpost.com/apt-harvester-telco-government-data/175585/