An advisory from the National Telecommunication & Information Security Board (NTISB) reports the involvement of an Indian state-sponsored hacking group known as APT in cyber attacks within Pakistan. The group primarily targets government and military entities, aiming to steal critical information. The hackers use a deceptive email titled “Cyber Security Advisory for Government Entities (Advisory No.54)” to spread malware through phishing.
The advisory states that the hackers use spear phishing emails to lure users into downloading counterfeit cyber security advisories. These emails are carefully crafted to imitate official communications from the Prime Minister’s Office. The email contains a malicious attachment originating from a bogus website (https://pakistanarmy(.)xyx) that resembles the Pakistan Army’s official website (Pakistanarmy.gov.pk).
Additionally, the hackers include a link to the “Security Patch Application” for Government Employees alongside the sham advisory. Those who download this fraudulent application unknowingly expose their entire system to potential cyber threats.
NTISB identifies this malware as a Trojan or Backdoor variant. Once activated, it retrieves a secondary payload that allows the attackers to remotely control the victim’s computer and extract sensitive data. NTISB recommends blocking the URL https://pakistanarmy(.)xyx at the local firewall, sensitizing personnel in both civil and military organizations to such phishing attacks, and implementing the necessary protective measures.
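The blocking and lookalike-domain points above can be turned into a mail-gateway check. The following Python is an added example, not part of the NTISB advisory or the original article: it refangs links in a message body, flags the blocked host from the advisory, and also flags any other host that reuses the official site's name outside the official domain. The function names, the `.example` host and the URL paths in the sample are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Both values come from the advisory text; everything else here is illustrative.
OFFICIAL_DOMAIN = "pakistanarmy.gov.pk"
BLOCKED_HOSTS = {"pakistanarmy.xyx"}
BRAND = OFFICIAL_DOMAIN.split(".")[0]  # assumption: leftmost label is the brand
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample message; the paths and the .example host are made up.
SAMPLE = """Subject: Cyber Security Advisory for Government Entities (Advisory No.54)
Download the advisory: https://pakistanarmy(.)xyx/doc
Security Patch Application: hxxps://pakistanarmy.gov.pk.updates.example/patch
Official site: https://www.pakistanarmy.gov.pk/
"""

def refang(text):
    """Undo common defanging, e.g. '(.)', '[.]' and 'hxxp', before matching."""
    text = re.sub(r"[\[\(]\.[\]\)]", ".", text)
    return re.sub(r"hxxp(s?)://", r"http\1://", text, flags=re.IGNORECASE)

def host_of(url):
    """Return the lower-cased hostname, or '' if the URL cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def classify(host):
    """Label a host as blocklisted, official, lookalike or other."""
    if any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS):
        return "blocklisted"
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    # Brand string anywhere in a non-official host (hyphens ignored) is suspect.
    if BRAND in host.replace("-", ""):
        return "lookalike"
    return "other"

def scan_message(body):
    """Return (verdict, url) pairs for links that should be blocked or reviewed."""
    findings = []
    for url in URL_RE.findall(refang(body)):
        url = url.rstrip(".,;")
        verdict = classify(host_of(url))
        if verdict in ("blocklisted", "lookalike"):
            findings.append((verdict, url))
    return findings

if __name__ == "__main__":
    for verdict, url in scan_message(SAMPLE):
        print(verdict, url)
```

The suffix comparison in `classify` is what separates a genuine subdomain of the official site from a host that merely starts with the official name.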