Hydrochasma Group Targets Asian Medical and Shipping Sectors

February 22, 2023

A new threat actor has been observed targeting shipping companies and medical laboratories in Asia with phishing emails.

Dubbed “Hydrochasma” by Symantec cybersecurity researchers, the threat actor seems to have had a possible interest in industries connected with COVID-19 treatments or vaccines.

“The infection vector utilized by Hydrochasma was most likely a phishing email,” reads an advisory published by Symantec earlier today.

“The initial suspicious activity found on machines is a lure document with a file name in the victim organization’s native language that appears to indicate it was an email attachment.”

After gaining initial access, the threat actors were observed dropping Fast Reverse Proxy (FRP), a tool that exposes a local server sitting behind a network address translation (NAT) device or firewall.

This, in turn, dropped a legitimate Microsoft Edge update file together with a .dll file that is, in fact, the Meterpreter tool, which can be used to gain remote access to victim machines.

Symantec also spotted several additional malware tools on infected machines, including the Gogo scanning tool, the Cobalt Strike Beacon and Fscan, a publicly available port scanning tool.

Also, Symantec said it found a shellcode loader and a corrupted portable executable (PE) file on a victim’s network.

“While [we] didn’t observe data being exfiltrated from victim machines, some of the tools deployed by Hydrochasma do allow for remote access and could potentially be used to exfiltrate data,” reads the advisory.

“The sectors targeted also point toward the motivation behind this attack being intelligence gathering.”

According to the company, the fact that Hydrochasma did not use custom malware is noteworthy.

“Relying exclusively on living-off-the-land and publicly available tools can help make an attack stealthier while also making attribution more difficult,” Symantec explained.

Healthcare is currently one of the sectors most targeted worldwide by threat actors using phishing tactics, as shown by new data from the Healthcare Information and Management Systems Society.


Some sections of this write-up are sourced from:
www.infosecurity-magazine.com
