Hydrochasma hackers target medical research labs, shipping firms
A previously unknown threat actor named Hydrochasma has been targeting shipping firms and medical laboratories involved in COVID-19 vaccine development and treatments.
A characteristic of Hydrochasma attacks is that they rely only on open-source tools and "living off the land" (LotL) tactics, leaving no traces that could lead to attribution.
A Hydrochasma attack likely begins with a phishing email, an assumption based on the fact that Symantec detected executables mimicking documents as the origin of the malicious activity on compromised machines.
"The tools deployed by Hydrochasma indicate a desire to achieve persistent and stealthy access to victim machines, as well as an effort to escalate privileges and spread laterally across victim networks," comments Symantec.
"While Symantec researchers didn't observe data being exfiltrated from victim machines, some of the tools deployed by Hydrochasma do allow for remote access and could potentially be used to exfiltrate data."
The researchers do not exclude the possibility that Hydrochasma is a known threat actor that started to experiment with the exclusive use of LotL tools and tactics in specific campaigns to cover their traces.