Threat Management, Malware

Asian materials research firms targeted by novel Clasiopa hackers

Share

Novel hacking cluster Clasiopa, which is suspected to have Indian origins, has been attacking materials research entities across Asia, reports The Hacker News. Aside from deleting system monitor and event logs, Clasiopa has also launched the Atharvan and modified Lilith RAT backdoors to facilitate data exfiltration efforts, according to a Symantec report. Researchers also noted Atharvan's ability to enable file retrieval and arbitrary code execution. "The hard-coded C&C addresses seen in one of the samples analyzed to date was for Amazon AWS South Korea (Seoul) region, which is not a common location for C&C infrastructure," said researchers. Meanwhile, Clasiopa's links with India were suggested by its use of Hindu references in its custom backdoor and ZIP archive password. "While these details could suggest that the group is based in India, it is also quite likely that the information was planted as false flags, with the password in particular seeming to be an overly obvious clue," said Symantec.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.