DarkCasino
Water Hydra is an advanced persistent threat (APT) group that emerged in 2021, initially targeting the financial sector, including banks, cryptocurrency platforms, forex and stock trading platforms, gambling sites, and casinos worldwide. The group was at first misattributed to Evilnum because of similar tactics, but has since been recognized as a distinct entity. It has demonstrated a high level of technical sophistication, employing undisclosed zero-day vulnerabilities in its attacks. In a 2023 campaign, it exploited the CVE-2023-38831 vulnerability in WinRAR to target stock traders. Water Hydra's activities also included the use of the DarkMe Visual Basic remote access tool (RAT) as part of the DarkCasino campaign, which targeted European traders and gambling platforms.