The group is likely nation-state-backed and is mounting an ongoing spy campaign using custom malware and stealthy tactics.
A previously unseen advanced persistent threat (APT) group dubbed Harvester by researchers is attacking telcos, IT companies and government-sector targets in a campaign that’s been ongoing since June.
According to a Symantec analysis, the group sports a veritable cornucopia of advanced and custom tools, and it’s on a quest to carry out espionage activities in Afghanistan and elsewhere in that region.
As of October, the campaign was still ongoing, looking to dig up a bounty of sensitive data.
A Sharp Set of Tools
Harvester has invested in a range of tools for scything through organizations’ defenses, Symantec found, including the “Graphon” custom backdoor.
Graphon is deployed alongside a tool for gathering screenshots and downloaders for other malware and tools – offering a host of remote-access and data-exfiltration capabilities.
“We do not know the initial infection vector that Harvester used to compromise victim networks, but the first evidence we found of Harvester activity on victim machines was a malicious URL,” according to Symantec’s writeup. “The group then started to deploy various tools, including its custom Graphon backdoor, to gain