A new hacker group named Hydrochasma is targeting medical companies in Asia that have ties with COVID-19 vaccines.
The threat actor may expand its scope of attack soon.
- The group's first step is to compromise its targets through phishing emails.
- Second, a Fast Reverse Proxy is dropped on the targeted system so that the threat actor can gain remote access.
- Researchers have tracked other common malware used in the group's campaigns, such as the Cobalt Strike Beacon, Gogo scanning tool, and Fscan.
- No information has been stolen from the targeted systems so far, but the breach leaves room for the hackers to steal it remotely at any time.
- The new threat actor uses exclusively public tools to breach its victims, which makes it harder to track.