  • A new player has appeared in cyberspace - the Clasiopa group

    Researchers at cybersecurity firm Symantec report that materials research organizations in Asia have been targeted by a previously unknown group that the experts track as Clasiopa.

    The origin and affiliation of the group are currently unknown, but there are hints that the attackers may have ties to India. This conclusion is based on references to "SAPTARISHI-ATHARVAN-101" (Saptarishi - a seer from Hindu literature, Atharvan - a priest, co-author of part of the Hindu religious scriptures) in the backdoor and on the use of the password "iloveindea1998^_^" for the malicious ZIP archive.

    "While these details may indicate that the group is based in India, it is also likely that the information was planted as a false flag, and the password, in particular, seems too obvious a clue," Symantec said in the report.

    The exact means of initial access is also unclear, although the attackers are suspected of conducting brute-force attacks against Internet-facing servers. Key signs of an intrusion include the clearing of system monitor and event logs and the deployment of several backdoors, such as Atharvan and a modified version of the open-source Lilith RAT, to steal sensitive information.

    In addition, Atharvan can contact a hard-coded command-and-control (C2, C&C) server address to retrieve and run arbitrary executable files on the infected host. The C&C server addresses point to Amazon AWS in South Korea, which is not a common location for C2 infrastructure.

    Judging by the tools and tactics used, the group's main motive is to gain persistent, undetected access to devices and to steal information.
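The intrusion signs described above (brute-forced logons followed by cleared logs) can be correlated on the defender's side. The following is an added example, not code from Symantec or from the original article: the event schema (`ts`, `host`, `id`, `src`, `channel`), the thresholds, the host names and the sample events are all constructed assumptions; the Windows event IDs are the standard ones for failed logon, successful logon and log clearing.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON, LOGON_OK = 4625, 4624
# 1102: Security audit log cleared; 104: another log cleared (recorded in the
# System log, e.g. when the Sysmon operational channel is wiped).
LOG_CLEARED = {1102, 104}

def find_bruteforce_then_clear(events, min_failures=5,
                               window=timedelta(minutes=10),
                               follow=timedelta(hours=1)):
    """Alert when a burst of failed logons from one source is followed by a
    successful logon from that source and then a log clear on the same host."""
    failures = defaultdict(list)  # (host, src) -> failed-logon timestamps
    breached = {}                 # host -> (time of suspicious logon, src)
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        host, ts = e["host"], e["ts"]
        if e["id"] == FAILED_LOGON:
            failures[(host, e.get("src"))].append(ts)
        elif e["id"] == LOGON_OK:
            recent = [t for t in failures[(host, e.get("src"))] if ts - t <= window]
            if len(recent) >= min_failures:
                breached[host] = (ts, e.get("src"))
        elif e["id"] in LOG_CLEARED and host in breached:
            since, src = breached[host]
            if ts - since <= follow:
                alerts.append({"host": host, "src": src,
                               "cleared": e.get("channel"), "at": ts})
    return alerts

# Constructed sample events (hypothetical hosts, documentation-range IP).
T0 = datetime(2023, 2, 1, 3, 0, 0)
def ev(sec, host, eid, **kw):
    return {"ts": T0 + timedelta(seconds=sec), "host": host, "id": eid, **kw}

SAMPLE = (
    [ev(i * 20, "srv-web01", 4625, src="203.0.113.7") for i in range(8)]
    + [ev(200, "srv-web01", 4624, src="203.0.113.7"),
       ev(900, "srv-web01", 104, channel="Microsoft-Windows-Sysmon/Operational"),
       ev(905, "srv-web01", 1102, channel="Security"),
       # Contrast case: a log clear with no preceding brute force is not flagged.
       ev(300, "srv-db02", 4624, src="10.0.0.5"),
       ev(400, "srv-db02", 104, channel="Application")]
)

if __name__ == "__main__":
    for alert in find_bruteforce_then_clear(SAMPLE):
        print(alert["at"], alert["host"], alert["src"], "cleared", alert["cleared"])
```

Because an attacker who clears logs locally removes this evidence, the correlation only works on events already forwarded to a central collector.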

    Author DeepWeb