Materials research organizations in Asia have been targeted by a previously unknown threat actor using a distinct set of tools.
Symantec, by Broadcom Software, is tracking the cluster under the moniker Clasiopa. The origins of the hacking group and its affiliations are currently unknown, but there are hints that suggest the adversary could have ties to India.
These hints include references to “SAPTARISHI-ATHARVAN-101” in a custom backdoor and the use of the password “iloveindea1998^_^” for a ZIP archive.
It’s worth noting that Saptarishi, meaning “Seven sages” in Sanskrit, refers to a group of seers who are revered in Hindu literature. Atharvan was an ancient Hindu priest and is believed to have co-authored one of the four Vedas, a collection of religious scriptures in Hinduism.