Security News > 2023 > February > Clasiopa hackers use new Atharvan malware in targeted attacks
The threat actor is being tracked as Clasiopa by Symantec, a Broadcom company, whose analysts found a clue pointing to an Indian threat actor.
Symantec's investigation revealed that along with its backdoor, Clasiopa also used legitimate software such as Agile DGS and Agile FD, signed with old certificates.
The hackers relied on two backdoors for their attack: the custom Atharvan and the open source Lilith RAT. The latter can be used to execute commands, run PowerShell scripts, and to manipulate processes on the breached system.
Atharvan is the most interesting of the tools used by Clasiopa because it is a custom backdoor not seen in any other attacks in the wild.
The hint pointing to a threat actor in India is a mutex in Hindi that the researchers discovered in the custom backdoor: "SAPTARISHI-ATHARVAN-101," Atharvan referring to a legendary priest in Vedic mythology, the son of Brahmā, the Creator.
Symantec's report provides a set of hashes for the malware discovered in malicious campaigns attributed to Clasiopa.
News URL
Related news
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)