Rachel Hanlon

A Harvester group targeting telcos, government and IT sectors has been discovered by security researchers

Description

The Harvester group is targeting the telecommunications, government and information technology sectors, using a custom backdoor to remotely compromise victims' devices and gain access to their machines. The attackers route their command and control (C&C) traffic through legitimate CloudFront and Microsoft infrastructure so that it blends in with genuine traffic and evades detection mechanisms.

The Harvester group uses a set of tools including Backdoor.Graphon (a custom backdoor used to connect to the C&C server), a custom downloader, a custom screenshotter, Metasploit and Cobalt Strike Beacon.

Indicators of compromise (IOCs)

File hashes:


Recommendations

Workaround:

• Ensure the operating system and software are updated with the latest security patches.

• Analyze firewall and Internet proxy logs for the presence of the mentioned IOCs.

• Avoid handling files or URL links in emails, chats or shared folders from untrusted sources.

• Provide phishing awareness training to your employees and contractors.

• Keep anti-malware solutions at the endpoint and network level updated at all times.

• Deploy Endpoint Detection & Response (EDR) tools to detect the latest malware and suspicious activity on endpoints.

References

  • https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/harvester-new-apt-attacks-asia
