
Threat Group Cards: A Threat Actor Encyclopedia

APT group: Harvester

Names: Harvester (Symantec)
Country: [Unknown]
Sponsor: State-sponsored
Motivation: Information theft and espionage
First seen: 2021
Description: (Symantec) A previously unseen actor, likely nation-state-backed, is targeting organizations in South Asia, with a focus on Afghanistan, in what appears to be an information-stealing campaign using a new toolset.

The Harvester group uses both custom malware and publicly available tools in its attacks, which began in June 2021, with the most recent activity seen in October 2021. Sectors targeted include telecommunications, government, and information technology (IT). The capabilities of the tools, their custom development, and the victims targeted, all suggest that Harvester is a nation-state-backed actor.
Observed:
Sectors: Government, IT, Telecommunications.
Countries: Afghanistan and South Asia.
Tools used: Cobalt Strike, Graphon, Metasploit.
Information: <https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/harvester-new-apt-attacks-asia>

Last change to this card: 03 November 2021


Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
