Security News > 2023 > February > NewsPenguin Threat Actor Emerges with Malicious Campaign Targeting Pakistani Entities

A previously unknown threat actor dubbed NewsPenguin has been linked to a phishing campaign targeting Pakistani entities by leveraging the upcoming international maritime expo as a lure.

"The attacker sent out targeted phishing emails with a weaponized document attached that purports to be an exhibitor manual for PIMEC-23," the BlackBerry Research and Intelligence Team said.

PIMEC, short for Pakistan International Maritime Expo and Conference, is an initiative of the Pakistan Navy and is organized by the Ministry of Maritime Affairs with an aim to "Jump start development in the maritime sector." It's scheduled to be held from February 10-12, 2023.

The Canadian cybersecurity company said the attacks are designed to target marine-related entities and the event's visitors by tricking the message recipients into opening the seemingly harmless Microsoft Word document.

The name NewsPenguin is a reference to the uncommon XOR key and the name parameter, with BlackBerry finding no tactical overlaps that connect the malware to any currently-known threat actor or group.

"As the target is an event run by the Pakistan Navy, it implies that the threat actor is actively targeting government organizations, rather than this being a financially motivated attack," BlackBerry said.

News URL

https://thehackernews.com/2023/02/newspenguin-threat-actor-emerges-with.html