Hydrochasma Group Targets Asian Medical and Shipping Sectors
A new threat actor has been seen targeting shipping companies and medical laboratories in Asia with phishing emails.
Dubbed “Hydrochasma” by Symantec cybersecurity researchers, the threat actor appears to have had a possible interest in industries connected with COVID-19 treatments or vaccines.
“The infection vector used by Hydrochasma was most likely a phishing email,” reads an advisory published by Symantec earlier today.
“The first suspicious activity seen on machines is a lure document with a file name in the victim organization’s native language that appears to indicate it was an email attachment.”
After obtaining initial access, the threat actors were observed dropping Fast Reverse Proxy (FRP), a tool that exposes a local server sitting behind network address translation (NAT) or a firewall to the internet.
This, in turn, dropped a legitimate Microsoft Edge update file alongside a .dll file that is, in reality, the Meterpreter tool, which can be used to gain remote access to victim machines.
Symantec also spotted several additional malware tools on infected machines, including the Gogo scanning tool, the Cobalt Strike Beacon and Fscan, a publicly available port scanning tool.
Additionally, Symantec said it discovered a shellcode loader and a corrupted portable executable (PE) file on a victim’s network.
“While [we] didn’t observe data being exfiltrated from victim machines, some of the tools deployed by Hydrochasma do allow for remote access and could potentially be used to exfiltrate data,” reads the advisory.
“The sectors targeted also point towards the motivation behind this attack being intelligence gathering.”
According to the company, the fact that Hydrochasma did not use custom malware is notable.
“Relying exclusively on living-off-the-land and publicly available tools can help make an attack stealthier while also making attribution more difficult,” Symantec explained.
Healthcare is currently one of the most targeted sectors worldwide by threat actors using phishing techniques, as shown by new data from the Healthcare Information and Management Systems Society.