Newly-emergent threat operation Hydrochasma has launched an ongoing espionage campaign that has been targeting Asian shipping firms and medical laboratories since October, according to The Hacker News.
Hydrochasma, which has not yet been linked to any known threat actor and may be focusing on industries involved in COVID-19 vaccines or treatments, has been relying on open-source and publicly available tools rather than custom malware, an approach that suggests the group intends to evade attribution, according to a report from Symantec.
Researchers noted that the attack chain may have begun with phishing emails carrying resume-themed lure attachments which, when downloaded and opened, led to the deployment of Cobalt Strike Beacon, Fscan, Fast Reverse Proxy, Meterpreter, Gost proxy, and BrowserGhost.
"The tools deployed by Hydrochasma indicate a desire to achieve persistent and stealthy access to victim machines, as well as an effort to escalate privileges and spread laterally across victim networks," said researchers.
Attacks without custom malware have also been conducted by the OPERA1ER cybercrime operation, also known as Bluebottle, against French-speaking African countries.
Aside from featuring over 40 million signals from the DNS Research Federation's data platform and the Global Anti-Scam Alliance's comprehensive stakeholder network, the Global Signal Exchange will also contain more than 100,000 bad merchant URLs and one million scam signals from Google.
While some threat actors set up fraudulent disaster relief websites as part of phishing attacks aimed at harvesting financial details and Social Security numbers from individuals seeking aid, others impersonated Federal Emergency Management Agency assistance providers and filed fake claims that enabled the theft of relief funds and personal data.
Malicious GitHub pages and YouTube videos containing links to purported cracked office software, automated trading bots, and game cheats have been leveraged to facilitate the download of self-extracting, password-protected archives.