New Attack Group Clasiopa Targets Materials Research Organization in Asia with Custom Malware

Threat Level
Actor Report

Summary

A new attack group called Clasiopa has been observed targeting materials research organizations in Asia using a distinct toolset that includes a custom malware named Backdoor.Atharvan. It is unclear where Clasiopa is based or on whose behalf it acts, although there are indications that the group may have links to India. The attackers gain access through brute-force attacks on public-facing servers, then use multiple backdoors to build lists of file names and exfiltrate them.