ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > Hydrochasma

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: Hydrochasma

NamesHydrochasma (Symantec)
MotivationInformation theft and espionage
First seen2022
Description(Symantec) Shipping companies and medical laboratories in Asia are being targeted in a likely intelligence-gathering campaign that relies exclusively on publicly available and living-off-the-land tools.

Hydrochasma, the threat actor behind this campaign, has not been linked to any previously identified group, but appears to have a possible interest in industries that may be involved in COVID-19-related treatments or vaccines.

This activity has been ongoing since at least October 2022. While Symantec, by Broadcom Software, did not see any data being exfiltrated in this campaign, the targets, as well as some of the tools used, indicate that the most likely motivation in this campaign is intelligence gathering.
ObservedSectors: Healthcare, Shipping and Logistics.
Countries: Asia.
Tools usedBrowserGhost, Cobalt Strike, GO Simple Tunnel, HackBrowserData, ProcDump, SoftEther VPN, Living off the Land.

Last change to this card: 25 April 2023

Download this actor card in PDF or JSON format

Previous: Hurricane Panda
Next: IAmTheKing

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]