Date: 2023-08-23

An Indian state-sponsored APT hacking group is involved in cyber attacks in Pakistan.

According to the advisory issued by the National Telecommunication & Information Security Board (NTISB), the APT group is targeting government and military organizations to steal information.

The group is spreading malware through phishing emails, using a malicious email titled “Cyber Security Advisory for Government Entities (Advisory No.54)”.

According to the advisory, the hackers are using spear phishing emails to lure users into downloading fake cyber security advisories. The hackers draft fake emails to make it look as though a cyber security advisory has been issued by the Prime Minister’s Office. The email contains a malicious attachment from a fake website (https://pakistanarmy(.)xyx) whose URL is similar to that of the official website of the Pakistan Army (Pakistanarmy.gov.pk).

According to the advisory, the hackers also attach a link to the “Security Patch Application” for Government Employees to the fake advisory. The entire system of a government official who clicks the link and downloads such a fake application will be exposed to cyber-attack.

According to the NTISB, this malware is of the Trojan or Backdoor type, and upon execution the downloaded file downloads a second-stage payload. The malware has the capacity to remotely control the victim’s computer and retrieve data.

The NTISB has recommended blocking the URL https://pakistanarmy(.)xyx at local firewalls. The advisory also recommended sensitizing the persons employed at various civil and military organizations against these phishing attacks and ensuring necessary protective measures.
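
The following is an added example, not part of the NTISB advisory or of this article: a Python check that a mail gateway or proxy-log review could use to flag the blocked URL and other hosts that imitate the official domain. The two domain values come from the text above; the function names, the sample log lines and the `example.net` / `example.org` hosts are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Values taken from the advisory text; the ".xyx" suffix is kept as printed.
OFFICIAL_DOMAIN = "pakistanarmy.gov.pk"
BLOCKED_DEFANGED = "https://pakistanarmy(.)xyx"
URL_RE = re.compile(r"(?:https?|hxxps?)://[^\s\"'<>]+", re.IGNORECASE)

def refang(text):
    """Turn defanged notation such as (.) / [.] and hxxp back into a parseable URL."""
    text = re.sub(r"[\(\[]\.[\)\]]", ".", text)
    return re.sub(r"^hxxp", "http", text, flags=re.IGNORECASE)

def host_of(url):
    """Lower-cased hostname of a URL, tolerating a missing scheme."""
    url = refang(url.strip())
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def classify(url, official=OFFICIAL_DOMAIN, blocked=BLOCKED_DEFANGED):
    """Return 'official', 'blocked', 'lookalike' or 'other' for one URL."""
    host = host_of(url)
    brand = official.split(".")[0]  # "pakistanarmy"
    if host == official or host.endswith("." + official):
        return "official"
    if host == host_of(blocked):
        return "blocked"
    # The brand name appearing in any DNS label outside the official domain
    if any(brand in label for label in host.split(".")):
        return "lookalike"
    return "other"

def scan(lines):
    """Return (line_no, url, verdict) for every blocked or lookalike URL found."""
    hits = []
    for n, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            verdict = classify(url)
            if verdict in ("blocked", "lookalike"):
                hits.append((n, url, verdict))
    return hits

# Constructed proxy-log lines, for illustration only
SAMPLE = [
    "09:14:02 GET https://pakistanarmy.gov.pk/ 200",
    "09:15:40 GET https://pakistanarmy(.)xyx/advisory 200",
    "09:16:11 GET https://www.pakistanarmy.gov.pk.example.net/login 200",
    "09:17:05 GET https://example.org/news 200",
]
```

Running `scan(SAMPLE)` reports line 2 as the blocked indicator and line 3 as a lookalike, because the official domain name appears there only as a prefix of a different registered domain.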