Threat group using ancient Hindu sage name as smokescreen, analyst suggests

A new threat group has appeared on the cybercrime scene and appears to be going after targets in Asia – however, it is not known which country it is affiliated with, and indicators pointing to India are likely to be “false flags”, according to researcher Symantec.

Dubbed Clasiopa by the cyber analyst, the threat group was observed targeting a research body in Asia with what looks to be a custom-made malware tool known as Backdoor.Atharvan.

The latter takes its name from a legendary Hindu sage in ancient Vedic scripture, though Symantec believes this could simply be a red herring left by cunning threat actors.

“There is currently no firm evidence on where Clasiopa is based or what its motivation is,” it said. “While these details could suggest that the group is based in India, it is also quite likely that the information was planted as false flags, with the password in particular seeming to be an overly obvious clue.”

The cybersecurity firm was similarly mystified as to the new threat group’s exact modus operandi when it comes to breaching target organizations.

“The infection vector used by Clasiopa is unknown, although there is some evidence to suggest that the attackers gain access through brute force attacks on public facing servers,” added Symantec.

Other hallmark signs of Clasiopa’s attack vector to watch out for include using the URL to verify the internet protocol address of a target, and opening multiple backdoors to access systems and build up lists of file names for exfiltration – in layman’s terms, stealing.

Symantec also reports that Clasiopa appears to be using legal tools in its hardware kit, too: one target computer it looked at was found running “Agile DGS and Agile FD servers, software developed by Jiangsu”.
