Tuesday, April 16, 2024

Researchers Detail How Pakistani Hackers Are Targeting Indian and Afghan Governments


Researchers have detailed how a Pakistan-linked threat actor is targeting the Indian and Afghan governments to steal sensitive credentials for Google, Twitter, and Facebook accounts, which are then used to covertly access the accounts of government officials, as reported by The Hacker News.

“Malwarebytes’ recent findings go into depth regarding the new techniques and tools utilized by the APT group known as SideCopy,” according to the portal, “which is so named because it attempts to mimic the infection chains linked with another gang tracked as SideWinder and mislead attribution.”

Malwarebytes researcher Hossein Jazi says the lures used by the SideCopy APT are usually archive files with an embedded LNK file, Microsoft Publisher document, or trojanized application. As he explained, the embedded files are tailored to government and military targets in Afghanistan and India.
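The lure pattern described above, an archive wrapping a shell link (LNK) or other executable content behind a document-looking name, is something a mail gateway or triage script can flag before anyone double-clicks it. The Python below is an added example and is not code from Malwarebytes or from the original article; the archive it scans is constructed inline for demonstration and is not a real SideCopy sample. It checks every archive member for the fixed Windows shell-link header (so a renamed .lnk is still caught), for executable-type extensions, and for double extensions such as `.pdf.lnk`.

```python
import io
import zipfile

# Every Windows Shell Link (.lnk) file starts with the same 20 bytes:
# HeaderSize = 0x0000004C, then the ShellLink CLSID
# {00021401-0000-0000-C000-000000000046} stored little-endian.
LNK_MAGIC = bytes.fromhex("4C000000" "01140200" "00000000" "C000000000000046")

# Extensions that should never appear inside a document-themed archive.
EXECUTABLE_EXTENSIONS = (".lnk", ".exe", ".scr", ".hta", ".js", ".vbs")
# Document extensions commonly used as the "visible" half of a double extension.
DOCUMENT_EXTENSIONS = ("pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "jpg", "png")


def classify_member(name: str, head: bytes) -> list:
    """Return the reasons a single archive member looks like a lure (empty if none)."""
    reasons = []
    lower = name.lower()
    # Content check: a shell link is a shell link whatever it is called.
    if head.startswith(LNK_MAGIC):
        reasons.append("shell-link header (LNK content, whatever the extension)")
    # Name checks: executable-type suffix, and document-then-executable stacking.
    if lower.endswith(EXECUTABLE_EXTENSIONS):
        reasons.append("executable-type extension")
    parts = lower.rsplit(".", 2)
    if len(parts) == 3 and parts[1] in DOCUMENT_EXTENSIONS:
        reasons.append("double extension masquerading as a document")
    return reasons


def scan_archive(data: bytes) -> dict:
    """Map each suspicious member name to its list of reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Only the first 20 bytes are needed for the header check.
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            reasons = classify_member(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample archive for demonstration; not a real SideCopy artifact."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Readme.txt", "Please review the attached notice.\n")
        # Fake shell link: genuine header bytes followed by filler.
        zf.writestr("Defence_Notice.pdf.lnk", LNK_MAGIC + b"\x00" * 60)
        # Same header behind an innocuous name, as a renamed lure would have.
        zf.writestr("Agenda.dat", LNK_MAGIC + b"\x00" * 60)
        # Benign-looking JPEG header, should not be flagged.
        zf.writestr("Photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_archive(build_sample_archive()).items():
        print(f"{member}: {'; '.join(reasons)}")
```

The header check is the one that matters operationally: the two name-based checks are cheap to evade by renaming, while the 20-byte ShellLink header cannot be changed without breaking the file for Explorer.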

This latest discovery is significant in light of recent disclosures that Meta took steps to disrupt the group, which had been using romantic lures to compromise individuals with ties to the Afghan government, military, and law enforcement in Kabul. Afghan officials linked with the Administration Office of the President (AOP), the Ministries of Foreign Affairs and Finance, and the National Procurement Authority have been targeted in a number of high-profile attacks. The actor also took several Microsoft Office documents from the Afghan government’s website, covering identity cards, visas, and asset registrations, as well as names, phone numbers, and email addresses of officials.

In the cyber-espionage campaigns observed by Malwarebytes, the target opens the lure document, which executes a loader that drops a next-stage remote access Trojan known as ActionRAT. ActionRAT can upload files, execute commands sent by the attacker, and more. The loader also dropped a new information stealer, AuTo Stealer, which collects Microsoft Office files, PDFs, text files, database files, and images and sends them to a remote server over HTTP or TCP.

SideCopy APT’s tactics are not new. In September 2020, the cybersecurity firm Quick Heal informed the public about an espionage campaign targeting Indian defense units and armed forces personnel since at least 2019.

Cisco Talos researchers revealed earlier this July the hacking group’s proliferation of infection chains delivering bespoke and commodity remote access trojans such as CetaRAT, Allakore, and njRAT as part of what they described as an expansion of malware campaigns targeting Indian companies.
