Harvester group targeting telecom, government and IT sectors discovered by security researchers
The Harvester group targets the telecommunications, government and information technology sectors, using a custom backdoor to gain remote access to victims' machines. To evade detection, the attackers blend their command and control (C&C) traffic with legitimate traffic by hosting the C&C channel on genuine CloudFront and Microsoft infrastructure, so the destinations alone do not look suspicious in network logs.
The Harvester group uses a mix of custom and publicly available tools: Backdoor.Graphon (a custom backdoor that communicates with the C&C server), a custom downloader, a custom screenshotter, Metasploit and Cobalt Strike Beacon.
Indicators of compromise (IOCs)
Recommendations
• Ensure operating systems and software are updated with the latest security patches.
• Analyze firewall and Internet proxy logs for the presence of the IOCs mentioned above.
• Avoid handling files or URL links in emails, chats or shared folders from untrusted sources.
• Provide phishing awareness training to your employees and contractors.
• Keep anti-malware solutions at the endpoint and network level updated at all times.
• Deploy Endpoint Detection and Response (EDR) tools to detect the latest malware and suspicious activity on endpoints.
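The proxy-log check above is easy to get wrong when the C&C sits on shared CloudFront or Microsoft infrastructure: blocking or alerting on the whole CDN domain is not workable, so the match has to be on the specific hostnames and, where available, full URL paths published as indicators. The script below is an added example and is not part of this advisory; it scans Squid-format access-log lines for domain and URL-prefix indicators. The indicator values (placeholder hostnames under the reserved .invalid TLD) and the log lines are constructed for illustration and are not Harvester IOCs; substitute the indicators from the advisory's IOC list.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Squid native access.log layout (space separated):
# timestamp elapsed client status/code bytes method url user peer/host mime-type
SQUID_LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+(?P<status>\S+)\s+"
    r"(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<peer>\S+)\s+(?P<type>\S+)$"
)

# Placeholder indicators (ASSUMPTION: illustrative only, not real Harvester IOCs).
# Domain indicators are matched on host or any subdomain; URL-prefix indicators
# are for shared CDN hosts where only a specific path is suspicious.
PLACEHOLDER_DOMAINS = {"placeholder-c2.invalid"}
PLACEHOLDER_URL_PREFIXES = {"http://d1exampleabc.cloudfront.invalid/cache/"}

# Constructed sample log: one domain hit, one path hit, one TLS CONNECT to the
# CDN host (no path visible to the proxy), and two benign lines.
SAMPLE_LOG = """\
1634567890.123    245 10.0.0.12 TCP_MISS/200 5120 GET http://placeholder-c2.invalid/update/check.php - HIER_DIRECT/203.0.113.10 text/html
1634567891.456     88 10.0.0.12 TCP_MISS/200 9216 GET http://d1exampleabc.cloudfront.invalid/cache/init.bin - HIER_DIRECT/203.0.113.11 application/octet-stream
1634567892.789     12 10.0.0.44 TCP_TUNNEL/200 8421 CONNECT d1exampleabc.cloudfront.invalid:443 - HIER_DIRECT/203.0.113.11 -
1634567893.000     30 10.0.0.44 TCP_MISS/200 2048 GET http://www.example.com/index.html - HIER_DIRECT/203.0.113.12 text/html
1634567894.000     40 10.0.0.44 TCP_MISS/200 777 GET http://notplaceholder-c2.invalid/ - HIER_DIRECT/203.0.113.13 text/html
"""


@dataclass(frozen=True)
class Hit:
    client: str
    url: str
    indicator: str
    kind: str  # "domain" or "url"


def host_of(url: str) -> str:
    """Extract the lowercase hostname; CONNECT lines carry host:port, not a URL."""
    m = re.match(r"^(?:[a-z][a-z0-9+.-]*://)?([^/:]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def matches_domain(host: str, domains: Iterable[str]) -> Optional[str]:
    """Match on the exact host or a subdomain; respects label boundaries so
    'notplaceholder-c2.invalid' does not hit 'placeholder-c2.invalid'."""
    for d in domains:
        d = d.lower()
        if host == d or host.endswith("." + d):
            return d
    return None


def scan_proxy_log(lines: Iterable[str], domains: Iterable[str],
                   url_prefixes: Iterable[str]) -> List[Hit]:
    """Return one Hit per log line that touches a domain or URL-prefix indicator.
    Path-level indicators cannot match CONNECT (TLS) lines, since the proxy only
    sees host:port there; those need TLS inspection or endpoint telemetry."""
    hits: List[Hit] = []
    for line in lines:
        m = SQUID_LINE.match(line.strip())
        if not m:
            continue  # skip malformed or non-Squid lines rather than guessing
        url, client = m.group("url"), m.group("client")
        d = matches_domain(host_of(url), domains)
        if d:
            hits.append(Hit(client, url, d, "domain"))
            continue
        for p in url_prefixes:
            if url.lower().startswith(p.lower()):
                hits.append(Hit(client, url, p, "url"))
                break
    return hits


if __name__ == "__main__":
    for h in scan_proxy_log(SAMPLE_LOG.splitlines(),
                            PLACEHOLDER_DOMAINS, PLACEHOLDER_URL_PREFIXES):
        print(f"{h.client} -> {h.url}  [{h.kind}: {h.indicator}]")
```

Note that the CONNECT line to the CDN host produces no hit: with TLS the proxy logs only the hostname, so an indicator that is specific to a path under a shared CloudFront distribution is invisible at the proxy. That is exactly the blind spot the group's use of legitimate infrastructure exploits, and it is why the EDR recommendation above complements the log review rather than duplicating it.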