    A new player has appeared in cyberspace - the Clasiopa group

    Researchers at cybersecurity firm Symantec report that materials research organizations in Asia have been targeted by a previously unknown group, which the experts track as Clasiopa.

    The group's origin and affiliation are currently unknown, but there are hints that the attackers may have ties to India. This conclusion is based on references to "SAPTARISHI-ATHARVAN-101" in the backdoor (Saptarishi is a seer from Hindu literature; Atharvan is a priest and co-author of part of the Hindu religious scriptures) and on the use of the password "iloveindea1998^_^" for the malicious ZIP archive.

    "While these details may indicate that the group is based in India, it is also likely that the information was planted as a false flag, and the password, in particular, seems too obvious a clue," Symantec said in the report.

    The exact means of initial access is also unclear, although the hackers are suspected of conducting brute-force attacks on Internet-facing servers. Key signs of intrusion include clearing of the system monitor and event logs and the deployment of several backdoors, such as Atharvan and a modified version of the open-source Lilith RAT, to steal sensitive information.
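
    A defender-side check for the first of those signs, added here as an example that is not from Symantec's report or the original article: it scans exported Windows event records for log clearing and ranks hosts where the system monitor (Sysmon) log was cleared together with another log. The JSON field names, hosts and sample records are constructed, and event IDs 1102 and 104 are the standard Windows log-cleared events, not values given in the report.

```python
import json
from collections import defaultdict

# Well-known Windows event IDs for log clearing (not taken from the article):
#   Security / 1102: the audit log was cleared
#   System   / 104 : a named log channel was cleared
CLEAR_EVENTS = {("Security", 1102), ("System", 104)}
SYSMON = "Microsoft-Windows-Sysmon/Operational"

# Constructed sample export, one JSON record per line; field names are assumed.
SAMPLE = """\
{"time":"2023-02-20T03:11:02Z","host":"srv-01","log":"System","event_id":7036,"user":"SYSTEM"}
{"time":"2023-02-20T03:14:40Z","host":"srv-01","log":"System","event_id":104,"channel":"Microsoft-Windows-Sysmon/Operational","user":"svc-backup"}
{"time":"2023-02-20T03:14:52Z","host":"srv-01","log":"Security","event_id":1102,"user":"svc-backup"}
{"time":"2023-02-20T09:30:00Z","host":"ws-17","log":"System","event_id":104,"channel":"Application","user":"helpdesk"}
not-json debris line
"""

def find_log_clearing(lines):
    """Return one finding per log-clear event, skipping unparseable lines."""
    findings = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(ev, dict) or (ev.get("log"), ev.get("event_id")) not in CLEAR_EVENTS:
            continue
        # Event 1102 always refers to the Security log; 104 names the channel.
        cleared = "Security" if ev["event_id"] == 1102 else ev.get("channel", "unknown")
        findings.append({"time": ev.get("time"), "host": ev.get("host"),
                         "user": ev.get("user"), "cleared": cleared})
    return findings

def triage(findings):
    """Rank hosts: Sysmon cleared together with another log rates 'high'."""
    per_host = defaultdict(set)
    for f in findings:
        per_host[f["host"]].add(f["cleared"])
    return {host: ("high" if SYSMON in logs and len(logs) > 1 else "review")
            for host, logs in per_host.items()}

if __name__ == "__main__":
    hits = find_log_clearing(SAMPLE.splitlines())
    for f in hits:
        print(f)
    print(triage(hits))
```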

    In addition, Atharvan can contact a hard-coded command-and-control (C2, C&C) server address to retrieve and run arbitrary executable files on the infected host. The C&C server addresses point to Amazon AWS in South Korea, which is not a common location for C2 infrastructure.

    Judging by the tools and tactics used, the group's main motives are to gain persistent, undetected access to devices and to steal information.

    Author DeepWeb