Hydrochasma Group Targets Asian Medical and Shipping Sectors

A new threat actor has been seen targeting shipping companies and medical laboratories in Asia with phishing emails.
Dubbed “Hydrochasma” by Symantec cybersecurity researchers, the threat actor appears to have an interest in industries connected with COVID-19 treatments or vaccines.
“The infection vector used by Hydrochasma was most likely a phishing email,” reads an advisory published by Symantec earlier today.
“The first suspicious activity seen on machines is a lure document with a file name in the victim organization’s native language that appears to indicate it was an email attachment.”
After obtaining initial access, the threat actors were observed dropping Fast Reverse Proxy (FRP), a tool that can expose a local server sitting behind a network address translation (NAT) device or firewall to the internet.
This, in turn, dropped a legitimate Microsoft Edge update file alongside a .dll file that is, in reality, the Meterpreter tool, which can be used to remotely access victim machines.
Symantec also spotted several additional malware tools on infected machines, including the Gogo scanning tool, the Cobalt Strike Beacon and Fscan, a publicly available port scanning tool.
Additionally, Symantec said it discovered a shellcode loader and a corrupted portable executable (PE) file on a victim’s network.
“While [we] didn’t observe data being exfiltrated from victim machines, some of the tools deployed by Hydrochasma do allow for remote access and could potentially be used to exfiltrate data,” reads the advisory.
“The sectors targeted also point towards the motivation behind this attack being intelligence gathering.”
According to the company, the fact that Hydrochasma did not use custom malware is notable.
“Relying exclusively on living-off-the-land and publicly available tools can help make an attack stealthier while also making attribution more difficult,” Symantec explained.
Healthcare is currently one of the most targeted sectors worldwide by threat actors using phishing techniques, as shown by new data from the Healthcare Information and Management Systems Society.