Researchers noticed a previously unknown state-sponsored actor that seems to be using a unique combination of tools in cyberattacks against South Asian telecommunications providers and IT corporations.
The cybercrime group’s objective is thought to be information collection, pursued through highly targeted espionage campaigns concentrating on IT, telecom, and government institutions.
Dubbed Harvester, the attacker uses malicious tools that have never previously been seen in the wild, implying that this is a new threat actor that has not been linked to any known group.
The Harvester group uses both custom malware and publicly available tools in its attacks, which began in June 2021, with the most recent activity seen in October 2021. Sectors targeted include telecommunications, government, and information technology (IT).
The capabilities of the tools, their custom development, and the victims targeted, all suggest that Harvester is a nation-state-backed actor.
The journalists at BleepingComputer put together a list of tools that are used by the Harvester operators in their attacks.
The attackers are apparently using Backdoor.Graphon, Custom Downloader, Custom Screenshotter, Cobalt Strike Beacon, and Metasploit.
The researchers at Symantec were unable to figure out what the initial infection vector was but some evidence of a malicious URL being used for that purpose has