Newly emergent threat operation Hydrochasma has launched an ongoing espionage campaign that has been targeting Asian shipping firms and medical laboratories since October, according to The Hacker News.
Hydrochasma, which has yet to be linked to any existing threat actor and may be focusing on industries involved in COVID-19 vaccines or treatments, has been leveraging open-source intelligence tools rather than custom malware, indicating the group's intent to evade identification, a report from Symantec revealed.
Researchers noted that the attackers may have begun the attack chain with phishing emails carrying resume-themed lures, which, when downloaded and launched, would prompt the distribution of the Cobalt Strike Beacon, Fscan, Fast Reverse Proxy, Meterpreter, Gost proxy, and BrowserGhost.
"The tools deployed by Hydrochasma indicate a desire to achieve persistent and stealthy access to victim machines, as well as an effort to escalate privileges and spread laterally across victim networks," said researchers.
Attacks without custom malware have also been conducted by the OPERA1ER cybercrime operation, also known as Bluebottle, against French-speaking African countries.