Security News > 2020 > September > Researchers Uncover Cyber Espionage Operation Aimed At Indian Army
The campaign's starting point is an email with an embedded malicious attachment - either in the form of a ZIP file containing an LNK file or a Microsoft Word document - that triggers an infection chain via a series of steps to download the final-stage payload. Aside from identifying three different infection chains, what's notable is the fact that one of them exploited template injection and Microsoft Equation Editor flaw, a 20-year old memory corruption issue in Microsoft Office, which, when exploited successfully, let attackers execute remote code on a vulnerable machine even without user interaction.
What's more, the LNK files have a double extension and come with document icons, thereby tricking an unsuspecting victim into opening the file.
Once opened, the LNK files abuse "Mshta.exe" to execute malicious HTA files that are hosted on fraudulent websites, with the HTA files created using an open-sourced payload generation tool called CACTUSTORCH. A Multi-stage Malware Delivery Process.
The first stage HTA file includes a decoy document and a malicious.
Although the modus operandi of naming DLL files shares similarities with the SideWinder group, the APT's heavy reliance on the open-sourced toolset and an entirely different C2 infrastructure led the researchers to conclude with reasonable confidence that the threat actor is of Pakistani origin - specifically the Transparent Tribe group, which has been recently linked to several attacks targeting the Indian military and government personnel.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/LoOxwj96Dpo/cyberattack-indian-army.html
Related news
- Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign' (source)
- FBI confirms China-linked cyber espionage involving breached telecom providers (source)
- Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks (source)
- Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage (source)
- Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia (source)