Fresh APT Harvester Reaps Telco, Government Data

The group is likely nation-state-backed and is mounting an ongoing spy campaign using custom malware and stealthy tactics.

A previously unseen advanced persistent threat (APT) group dubbed Harvester by researchers is attacking telcos, IT companies and government-sector targets in a campaign that’s been ongoing since June.

According to a Symantec analysis, the group sports a veritable cornucopia of advanced and custom tools, and it’s on a quest to carry out espionage activities in Afghanistan and elsewhere in that region.

As of October, the campaign was still ongoing, looking to dig up a bounty of sensitive data.

A Sharp Set of Tools

Harvester has invested in a range of tools for scything through organizations’ defenses, Symantec found, including the “Graphon” custom backdoor.

Graphon is deployed alongside a tool for gathering screenshots and downloaders for other malware and tools – offering a host of remote-access and data-exfiltration capabilities.

“We do not know the initial infection vector that Harvester used to compromise victim networks, but the first evidence we found of Harvester activity on victim machines was a malicious URL,” according to Symantec’s writeup. “The group then started to deploy various tools, including its custom Graphon backdoor, to gain

Read More: https://threatpost.com/apt-harvester-telco-government-data/175585/