Security News > 2021 > December > Researchers Detail How Pakistani Hackers Targeting Indian and Afghan Governments

A Pakistani threat actor successfully socially engineered a number of ministries in Afghanistan and a shared government computer in India to steal sensitive Google, Twitter, and Facebook credentials from its targets and stealthily obtain access to government portals.

Malwarebytes' latest findings go into detail about the new tactics and tools adopted by the APT group known as SideCopy, which is so-called because of its attempts to mimic the infection chains associated with another group tracked as SideWinder and mislead attribution.

"The lures used by SideCopy APT are usually archive files that have embedded one of these files: LNK, Microsoft Publisher or Trojanized Applications," Malwarebytes researcher Hossein Jazi said, adding the embedded files are tailored to target government and military officials based in Afghanistan and India.

The revelation comes close on the heels of disclosures that Meta took steps to block malicious activities carried out by the group on its platform by using romantic lures to compromise individuals with ties to the Afghan government, military, and law enforcement in Kabul.

The cyber espionage campaign observed by Malwarebytes involves the target opening the lure document, leading to the execution of a loader that's used to drop a next-stage remote access trojan called ActionRAT, which is capable of uploading files, executing commands received from a server, and even download more payloads.

Then earlier this July, Cisco Talos researchers exposed the hacking group's myriad infection chains delivering bespoke and commodity remote access trojans such as CetaRAT, Allakore, and njRAT in what they called an expansion of malware campaigns targeting entities in India.

News URL

https://thehackernews.com/2021/12/researchers-detail-how-pakistani.html