Clasiopa hackers use new Atharvan malware in targeted attacks (February 2023)

The threat actor is being tracked as Clasiopa by Symantec, a Broadcom company, whose analysts found a clue pointing to an Indian threat actor.
Symantec's investigation revealed that along with its backdoor, Clasiopa also used legitimate software such as Agile DGS and Agile FD, signed with old certificates.
The hackers relied on two backdoors for their attack: the custom Atharvan and the open source Lilith RAT. The latter can be used to execute commands, run PowerShell scripts, and to manipulate processes on the breached system.
Atharvan is the most interesting of the tools used by Clasiopa because it is a custom backdoor not seen in any other attacks in the wild.
The hint pointing to a threat actor in India is a mutex in Hindi that the researchers discovered in the custom backdoor: "SAPTARISHI-ATHARVAN-101". Atharvan refers to a legendary priest in Vedic mythology, the son of Brahmā, the Creator.
Symantec's report provides a set of hashes for the malware discovered in malicious campaigns attributed to Clasiopa.