2022-10-07

An Indian hacking group is targeting Pakistani embassies in various countries, it is learnt reliably here.

The Pakistan Telecommunication Authority’s (PTA) Computer Emergency Readiness Team (CERT) has issued an advisory after receiving threat intelligence from Avast CERT that an APT group from India was involved in targeting Pakistani embassies in multiple countries including Brunei, Nepal, Argentina, and Azerbaijan during March-June 2022, according to an official document seen by Propakistani.

The Confucius group, according to the document, spreads its malware by sending phishing emails with PDF attachments that contain links to phishing websites. These sites impersonate official government websites and supply the passwords to malicious documents that visitors can download. Password-protecting the documents keeps them encrypted, so static AV scanners cannot inspect their contents and the files go undetected.

The malware used in the attacks is designed to spy on victims and steal files. Malicious documents with various names related to current events were discovered by Avast CERT, whose findings the regulator relayed. The APT group used malicious macros in the documents to drop additional infection stages written in Microsoft’s object-oriented programming (OOP) language.

It has also been discovered that the macros drop several other malware families such as trojan downloaders, file stealers, QuasarRAT, and a custom RAT written in C++.

PTA CERT has requested that government officials ensure continuous security monitoring of critical infrastructure, services, and websites, and train employees on phishing, social engineering, and incident response procedures.

It also advised against including tempting content and unknown links in email. The authority has instructed government employees to exercise caution when dealing with file extensions such as .xlsx, .xls, .pdf, .doc, .docx, .exe, .msi, .vb, .bat, and others, and to report suspicious email addresses to their respective organizations, the document added.
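As an added example (not code from the article or from PTA CERT), the following Python helper triages mail attachments for the two traits the advisory describes: Office documents that are password-protected, which static scanners cannot inspect, and documents carrying VBA macros, checked alongside the advisory's extension watch list. The sample attachments are constructed inline, and treating .docm/.xlsm like .docx/.xlsx is my addition.

```python
import io
import zipfile

# Extensions the PTA CERT advisory singles out for caution.
RISKY_EXTENSIONS = {".xlsx", ".xls", ".pdf", ".doc", ".docx", ".exe", ".msi", ".vb", ".bat"}
# OOXML extensions; .docm/.xlsm added here beyond the advisory's list.
OOXML_EXTENSIONS = {".docx", ".docm", ".xlsx", ".xlsm"}

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 compound-file header
ZIP_MAGIC = b"PK\x03\x04"                        # start of a ZIP (OOXML) container
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def triage_attachment(filename: str, data: bytes) -> list:
    """Return the reasons an attachment deserves manual review (empty if none)."""
    reasons = []
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in RISKY_EXTENSIONS:
        reasons.append(f"extension {ext} is on the advisory's watch list")
    if ext in OOXML_EXTENSIONS:
        if data.startswith(OLE_MAGIC):
            # Office stores a password-protected OOXML file inside an OLE container,
            # so an OOXML name with an OLE header means the content is encrypted
            # and a static scanner sees nothing useful. (Legacy .doc/.xls are OLE
            # natively, so this check is only meaningful for OOXML names.)
            reasons.append("OOXML name but OLE container: likely password-protected")
        elif data.startswith(ZIP_MAGIC):
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    names = set(zf.namelist())
                    if any(part in names for part in MACRO_PARTS):
                        reasons.append("contains vbaProject.bin (VBA macros)")
                    if any(info.flag_bits & 0x1 for info in zf.infolist()):
                        reasons.append("zip entries are encrypted")
            except zipfile.BadZipFile:
                reasons.append("malformed ZIP container")
        else:
            reasons.append("content does not match a known Office container")
    return reasons


def _build_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-like ZIP for demonstration (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


SAMPLES = {  # constructed sample attachments
    "Advisory.docx": _build_docx(with_macro=False),
    "Agenda.docx": _build_docx(with_macro=True),
    "Protected.docx": OLE_MAGIC + b"\x00" * 24,
    "setup.exe": b"MZ" + b"\x00" * 8,
}
```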