Harvester

Description

(Symantec) A previously unseen actor, likely nation-state-backed, is targeting organizations in South Asia, with a focus on Afghanistan, in what appears to be an information-stealing campaign using a new toolset.

The Harvester group uses both custom malware and publicly available tools in its attacks, which began in June 2021, with the most recent activity seen in October 2021. Sectors targeted include telecommunications, government, and information technology (IT). The capabilities of the tools, their custom development, and the victims targeted all suggest that Harvester is a nation-state-backed actor.

Names

Name         Name-Giver
Harvester    Symantec

Country

State-sponsored

Motivation

  • Information theft and espionage

First Seen

2021

Observed Sectors

Observed Countries

Tools

Information

Other Information

Uuid

ca6c1291-9289-464b-9d77-0b5364687168

Last Card Change

2021-11-03