A new hacking group called Clasiopa has been targeting materials research organizations in Asia using a distinct set of tools. The origins of the group and its affiliations are currently unknown, but there are hints that suggest the adversary could have ties to India. For instance, a custom backdoor references the string “SAPTARISHI-ATHARVAN-101,” and the group used the password “iloveindea1998^_^” for a ZIP archive.
While these details could suggest that the group is based in India, it’s also possible that the information was planted as a false flag; the password in particular seems an overly obvious clue. The exact means of initial access is unclear, but the group is believed to gain entry through brute-force attacks on internet-facing servers.
The group’s chief motive appears to be maintaining persistent, undetected access to victim machines in order to steal information. Its tools and tactics suggest that it is highly skilled and likely state sponsored. Some of the malware used by the group is detected by antivirus programs, but it’s possible that the group is also using other, as yet undetected tools.
Materials research organizations are an attractive target for cybercriminals and nation-state hackers because they deal with highly sensitive information that could be used for industrial espionage or to gain a competitive advantage.
Organizations in this sector should take steps to enhance their security posture and protect their data from unauthorized access. These steps include implementing robust access controls, regularly updating software, and educating employees about the risks of phishing and other cyber attacks.