Government Issues New Warning for Windows Users in Pakistan

The government of Pakistan has issued a cybersecurity warning concerning the ‘Dead Glyph Backdoor,’ which is being used by Advanced Persistent Threat (APT) groups to target global government entities and critical infrastructure.

According to the advisory, the Dead Glyph backdoor infiltrates Windows-based online systems through files that impersonate legitimate ones but carry malicious scripts. It uses backdoor exploit code to compromise the system and then drops fake DLL files on the Windows C Drive. The fake DLL file then launches second-stage malware by executing unauthorized PowerShell scripts, which extract critical user data and transmit it to the attacker using a randomized network communication timing pattern to evade detection.

The advisory provides recommendations for government departments to bolster cybersecurity measures, including system hardening and whitelisting at all levels, installing reputable and licensed security software, manually inspecting the C Drive System32 folder for suspicious file activity, and regularly monitoring domain controllers for signs of malware infection. It also advises examining network logs to detect abnormal network traffic and blocking outbound network connections from various executables.
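The advisory's recommendation to inspect the System32 folder by hand is easier to act on with a script that narrows the folder down to recently written DLLs whose Authenticode signature is missing or invalid. The following PowerShell script is an added example written for this page; it is not part of the advisory or of any government tooling. It assumes the standard `%SystemRoot%\System32` location, a seven-day look-back window (both adjustable via parameters), and that Windows can validate catalog-signed Microsoft files through `Get-AuthenticodeSignature`.

```powershell
# Added example, not from the advisory: list DLLs in System32 written in the
# last $Days days whose Authenticode signature is not 'Valid', as a starting
# point for the manual inspection the advisory recommends.
param(
    [int]$Days = 7,                              # look-back window (assumed default)
    [string]$Path = "$env:SystemRoot\System32"   # assumed standard System32 location
)

$cutoff = (Get-Date).AddDays(-$Days)

Get-ChildItem -Path $Path -Filter *.dll -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $cutoff } |
    ForEach-Object {
        # Checks embedded and catalog signatures; most genuine Microsoft DLLs report 'Valid'.
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [PSCustomObject]@{
            Name          = $_.Name
            LastWriteTime = $_.LastWriteTime
            SizeKB        = [math]::Round($_.Length / 1KB, 1)
            Signature     = $sig.Status
            Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            SHA256        = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    } |
    Where-Object { $_.Signature -ne 'Valid' } |   # keep only unsigned / invalid entries
    Sort-Object LastWriteTime -Descending |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt and review the output by hand: an unsigned or recently modified DLL is a lead, not proof of compromise, since third-party drivers and some installers also write unsigned files there. Comparing the SHA256 column against a baseline captured from a known-clean machine, and against the timing of Windows Update runs, separates expected changes from the kind of planted DLL the advisory describes.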

Additionally, the advisory suggests blacklisting unnecessary Windows commands and utilities and blocking the execution of scripts with specific extensions. It encourages the implementation of Sender Policy Framework (SPF) for email validation, application whitelisting, and strict adherence to Software Restriction Policies (SRP) to block binaries from running in specific paths.

Government departments are advised to stay up to date with software vulnerabilities, disable Remote Desktop Protocol (RDP) on endpoints when not in use, establish site-to-site VPN for remote access, and maintain updated anti-malware solutions while regularly performing backups of critical data.

The advisory aims to enhance the cybersecurity posture of government entities in Pakistan and protect critical information from cyber threats.