No custom malware deployed in attack campaign that appears to rely exclusively on open-source tools.
Shipping companies and medical laboratories in Asia are being targeted in a likely intelligence-gathering campaign that relies exclusively on publicly available and living-off-the-land tools.
Hydrochasma, the threat actor behind this campaign, has not been linked to any previously identified group, but appears to have a possible interest in industries that may be involved in COVID-19-related treatments or vaccines.
This activity has been ongoing since at least October 2022. While Symantec, by Broadcom Software, did not see any data being exfiltrated in this campaign, the targets, as well as some of the tools used, indicate that the most likely motivation in this campaign is intelligence gathering.