ANI
04 Dec 2021, 18:33 GMT+10
New Delhi [India], December 04 (ANI): A report by thehackernews.com has revealed that Pakistani hackers are targeting the Indian and Afghan governments, especially the military officials to steal sensitive Google, Twitter and Facebook credentials from its targets and stealthily obtain access to government officials.
The portal said, "Malwarebytes' latest findings go into detail about the new tactics and tools adopted by the APT group known as SideCopy, which is so-called because of its attempts to mimic the infection chains associated with another group tracked as SideWinder and mislead attribution".
"The lures used by SideCopy APT are usually archive files that have embedded one of these files: LNK, Microsoft Publisher or Trojanized Applications," the report quoted Malwarebytes researcher Hossein Jazi as saying.
He added, "The embedded files are tailored to target government and military officials based in Afghanistan and India".
Thehackernews.com said in its report the revelation comes close on the heels of disclosures that Meta took steps to block malicious activities carried out by the group on its platform by using romantic lures to compromise individuals with ties to the Afghan government, military, and law enforcement in Kabul.
Some of the prominent attacks were waged against personnel associated with the Administration Office of the President (AOP) of Afghanistan as well as the Ministry of Foreign affairs, Ministry of Finance, and the National Procurement Authority, resulting in the theft of social media passwords and password-protected documents.
"SideCopy also broke into a shared computer in India and harvested credentials from government and education services", said the report.
In addition, the actor is said to have siphoned several Microsoft Office documents, including names, numbers, and email addresses of officials and databases containing information related to identity cards, diplomatic visas, and asset registrations from the Afghani government websites, all of which are expected to be used as future decoys or to fuel further attacks against the individuals themselves.
The cyber espionage campaign observed by Malwarebytes involves the target opening the lure document, leading to the execution of a loader that's used to drop a next-stage remote access trojan called ActionRAT, which is capable of uploading files, executing commands received from a server, and even download more payloads.
Also dropped by the loader is a new information stealer dubbed AuTo Stealer, which is programmed to collect Microsoft Office files, PDF documents, text files, database files, and images before exfiltrating the information to its server over HTTP or TCP.
"This is far from the first time SideCopy APT's tactics have come to light. In September 2020, cybersecurity firm Quick Heal revealed specifics about an espionage attack aimed at Indian defence units and armed forces personnel at least since 2019 with an aim to steal sensitive information", said thehackernews.com report.
Then earlier this July, Cisco Talos researchers exposed the hacking group's myriad infection chains delivering bespoke and commodity remote access trojans such as CetaRAT, Allakore, and njRAT in what they called an expansion of malware campaigns targeting entities in India. (ANI)Get a daily dose of Afghanistan Sun news through our daily email, its complimentary and keeps you fully up to date with world and business news as well.
Publish news of your business, community or sports group, personnel appointments, major event and more by submitting a news release to Afghanistan Sun.
More InformationWASHINGTON, D.C.: The U.S. Transportation Department says it is working to fix a significant shortage of air traffic controllers by...
WASHINGTON, D.C.: The U.S. Department of Defense wants to change its contracts so the Army can fix its own weapons instead of always...
MEXICO CITY, Mexico: Mexico is laying the groundwork to reduce its standard work week from 48 to 40 hours by 2030, Labor and Social...
WASHINGTON, D.C.: U.S. Health and Human Services Secretary Robert F. Kennedy Jr. wants to change how vaccines are tested, according...
WASHINGTON, D.C.: In a challenge to California's push for cleaner transportation, the U.S. House of Representatives voted this week...
CHICAGO, Illinois: The Chicago and Cook County health departments say that two people in Cook County have measles. These are the...
Mumbai (Maharashtra) [India], May 6 (ANI): Gujarat Titans premier spinner Rashid Khan feels he is operating at 75 to 80 per cent and...
(250506) -- HOHHOT, May 6, 2025 (Xinhua) -- Australia's Claudia Fruscalzo (L) and China's Xiong Jing competes during the group A match...
ABU DHABI, 6th May 2025 (WAM) -- Saqr Ghobash, Speaker of the Federal National Council (FNC), held official talks with Sahiba Gafarova,...
(250506) -- HOHHOT, May 6, 2025 (Xinhua) -- Liu Wen Ling (C) of Chinese Taipei competes during the group A match between Uzbekistan...
An international freight train pulls out of the China-Kazakhstan (Lianyungang) Logistics Cooperation Base in Lianyungang, east China's...
Islamabad [Pakistan], May 6 (ANI): In the ongoing crackdown on Afghan migrants, Pakistan released 104 Afghan migrants from its jails,...