Asian medical and shipping orgs face threats from Hydrochasma

March 13, 2023

A newly emerged threat group, Hydrochasma, is the latest addition to the long line of cybercriminal groups targeting Asia. This emerging threat targets medical laboratories and shipping companies in the region.

Researchers have yet to link this new group to known threat actors, since none of its activity ties it to other cybercriminals. However, some researchers noticed that the group has shown particular interest in attacking industries connected to COVID-19 vaccines or treatments.


The Hydrochasma group made its debut in October last year.


According to investigations, the new Hydrochasma threat group already has persistent cybercriminal activities that started in October 2022.

Unfortunately, researchers have yet to confirm where its operators are based, but they are confident that the group primarily targets COVID-19 vaccine development and treatment.

In addition, some experts believe Hydrochasma operators use phishing emails as their primary weapon against users. The group selects a targeted device and deploys a lure, including a document whose file name depends on the region's native language.

These threat actors also used lure documents masquerading as résumés to gain initial access to a targeted system. Experts claimed that the primary mission of the Hydrochasma campaign is intelligence gathering, as the nature of the targets and the toolkit the group adopted are typical of information harvesting.

Fortunately, researchers have not recorded any exfiltrated data during the threat actors’ recent attacks.

However, these hackers use tools to establish long-term persistence and covert access to their targeted devices while attempting to escalate privileges and move laterally. So far, the group has relied on publicly available and living-off-the-land tools.

These hackers also deployed Fast Reverse Proxy on targeted systems, a tool that can expose a local server sitting behind a firewall. This tactic helps the campaign evade detection and hampers analysis by researchers.

The campaign against medical laboratories and shipping firms shows that the Hydrochasma operation is pure cyber espionage. Nevertheless, researchers should take note of this emerging threat, since it has the potential to become a bigger adversary soon.
