"Hydrochasma Hackers Target Medical Research Labs, Shipping Firms"

Hydrochasma, a previously unknown threat actor, has been targeting shipping companies and medical laboratories engaged in the development of treatments and vaccines for COVID-19. The group's objective appears to be intelligence theft. Threat hunters at Symantec have been monitoring its activity since October 2022. Hydrochasma attacks are distinguished by their reliance on open-source tools and "living off the land" (LotL) techniques, which leave no traces that could support attribution. Because Symantec identified document-mimicking executables as the source of malicious activity on infected devices, it seems likely that a Hydrochasma attack begins with a phishing email. The lures are themed as "product specification information" for shipping companies and as "job applicant resumes" for medical labs. After compromising a system, the attacker drops a Fast Reverse Proxy (FRP), which can expose local web servers behind Network Address Translation (NAT) or a firewall to the public Internet. The attacker then drops Meterpreter, Gogo, Process Dumper, and other tools on the compromised system. This article continues to discuss the findings regarding Hydrochasma's activities.

Bleeping Computer reports "Hydrochasma Hackers Target Medical Research Labs, Shipping Firms"
