Security News > 2023 > February > Clasiopa hackers use new Atharvan malware in targeted attacks
The threat actor is being tracked as Clasiopa by Symantec, a Broadcom company, whose analysts found a clue pointing to an Indian threat actor.
Symantec's investigation revealed that along with its backdoor, Clasiopa also used legitimate software such as Agile DGS and Agile FD, signed with old certificates.
The hackers relied on two backdoors for their attack: the custom Atharvan and the open source Lilith RAT. The latter can be used to execute commands, run PowerShell scripts, and to manipulate processes on the breached system.
Atharvan is the most interesting of the tools used by Clasiopa because it is a custom backdoor not seen in any other attacks in the wild.
The hint pointing to a threat actor in India is a mutex in Hindi that the researchers discovered in the custom backdoor: "SAPTARISHI-ATHARVAN-101," Atharvan referring to a legendary priest in Vedic mythology, the son of Brahmā, the Creator.
Symantec's report provides a set of hashes for the malware discovered in malicious campaigns attributed to Clasiopa.
News URL
Related news
- North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)