According to reports obtained from reliable sources, a well-known Indian hacking group is targeting Pakistani embassies in multiple parts of the world. The Pakistan Telecommunication Authority's (PTA) Computer Emergency Readiness Team (CERT) has also issued an advisory in this regard after receiving an intelligence report from Avast CERT.
Indian Hacking Group Targeting Pakistani Embassies via Phishing Emails
Well-informed sources claimed that the Indian hacking group known as the Confucius Group is spreading malware via phishing emails with PDF attachments that contain links to phishing websites. According to the reports, the group targeted Pakistani embassies in several countries, including Brunei, Nepal, Argentina, and Azerbaijan, between March and June 2022.
A local tech blog reported that the phishing websites impersonate official government websites and supply the passwords to malicious documents that visitors can download; because the documents are password-protected (encrypted), static AV scanners cannot inspect their contents. The group allegedly uses malicious macros in the documents to drop additional infection stages written in Microsoft's object-oriented programming (OOP) language. The macros can also deliver several other malware families, including Trojan downloaders, file stealers, QuasarRAT, and custom RATs written in C++.
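The two attachment traits described above (documents encrypted so that static AV cannot look inside them, and macro-bearing Office files) are exactly what a mail gateway can flag before delivery. The following is an added example, not code from the report or from any CERT, and the sample files it builds are constructed in-memory stand-ins rather than real campaign artifacts:

```python
import io
import zipfile

# Added example (not from the report): triage attachments for the two traits described
# above, i.e. encrypted Office documents that static AV cannot inspect, and macro-bearing OOXML.
CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 Compound File header
# CFB directory-entry names are stored as UTF-16LE; these two mark an encrypted OOXML wrapper.
ENCRYPTION_INFO = "EncryptionInfo".encode("utf-16-le")
ENCRYPTED_PACKAGE = "EncryptedPackage".encode("utf-16-le")
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")

def triage_attachment(name: str, data: bytes) -> dict:
    """Return flags a mail gateway could act on for one attachment."""
    flags = {"name": name, "container": "other", "encrypted": False, "macros": False}
    if data.startswith(CFB_MAGIC):
        flags["container"] = "cfb"
        flags["encrypted"] = ENCRYPTION_INFO in data and ENCRYPTED_PACKAGE in data
    elif data.startswith(b"PK\x03\x04"):
        flags["container"] = "zip"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                flags["macros"] = any(p in zf.namelist() for p in MACRO_PARTS)
        except zipfile.BadZipFile:
            pass  # corrupt archive: leave flags as-is, container still "zip"
    return flags

def needs_quarantine(flags: dict) -> bool:
    """Policy: hold what static AV cannot inspect and anything carrying macros."""
    return flags["encrypted"] or flags["macros"]

def sample_macro_docm() -> bytes:
    """Constructed sample: minimal OOXML-style zip that carries a VBA project part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()

def sample_encrypted_docx() -> bytes:
    """Constructed sample: CFB header plus the two stream names (no full directory)."""
    return CFB_MAGIC + b"\x00" * 504 + ENCRYPTION_INFO + b"\x00" * 36 + ENCRYPTED_PACKAGE

if __name__ == "__main__":
    for n, d in (("report.docm", sample_macro_docm()), ("notice.docx", sample_encrypted_docx())):
        f = triage_attachment(n, d)
        print(n, f, "-> quarantine" if needs_quarantine(f) else "-> deliver")
```

The encrypted-document check is a byte-level heuristic on the stream names; a production gateway would parse the CFB directory properly, but the policy decision (hold anything a scanner cannot open) is the point.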
Authorities Request Continuous Security Monitoring
The malicious documents were discovered by Avast CERT, which, together with the regulator PTA, has advised the government to ensure continuous security monitoring of critical infrastructure, services, and websites. It is also advised to train employees on phishing, social engineering, and incident response protocols; employees are instructed to avoid sending emails with compelling content or unknown links and to exercise caution when handling file extensions such as .xlsx, .xls, .pdf, .doc, .docx, .exe, .msi, .vb, .bat, and others.