Security News > 2021 > July > IndigoZebra APT Hacking Campaign Targets the Afghan Government

Cybersecurity researchers are warning of ongoing attacks coordinated by a suspected Chinese-speaking threat actor targeting the Afghanistan government as part of an espionage campaign that may have had its provenance as far back as 2014.

Israeli cybersecurity firm Check Point Research attributed the intrusions to a hacking group tracked under the moniker "IndigoZebra," with past activity aimed at other central-Asian countries, including Kyrgyzstan and Uzbekistan.

"The threat actors behind the espionage leveraged Dropbox, the popular cloud-storage service, to infiltrate the Afghan National Security Council," the researchers said in a technical write-up shared with The Hacker News, adding they "Orchestrated a ministry-to-ministry style deception, where an email is sent to a high-profile target from the mailboxes of another high-profile victim."

The attacks funneled malicious commands into the victim machine that were camouflaged using the Dropbox API, with the implant creating a unique folder for every compromised host in an attacker-controlled Dropbox account.

BoxCaon's connection to IndigoZebra stems from similarities shared by the malware with xCaon.

"What is remarkable here is how the threat actors utilized the tactic of ministry-to-ministry deception," said Lotem Finkelsteen, head of threat intelligence at Check Point.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/4Y6MHBv-U8A/indigozebra-apt-hacking-campaign.html