Hydrochasma

Description

(Symantec) Shipping companies and medical laboratories in Asia are being targeted in a likely intelligence-gathering campaign that relies exclusively on publicly available and living-off-the-land tools.

Hydrochasma, the threat actor behind this campaign, has not been linked to any previously identified group, but appears to have a possible interest in industries that may be involved in COVID-19-related treatments or vaccines.

This activity has been ongoing since at least October 2022. While Symantec, by Broadcom Software, did not see any data being exfiltrated in this campaign, the targets, as well as some of the tools used, indicate that the most likely motivation in this campaign is intelligence gathering.

Names

Name         Name-Giver
Hydrochasma  Symantec

Country

Motivation

  • Information theft and espionage

First Seen

2022

Observed Sectors

Observed Countries

Tools

Information

Other Information

Uuid

4adfaa81-56ce-462d-b1ea-d88312b4b937

Last Card Change

2023-04-25