An Indian hacking group is targeting Pakistani embassies in various countries, it is learned reliably here.
The Pakistan Telecommunication Authority’s (PTA) Computer Emergency Readiness Team (CERT) has issued an advisory after receiving threat intelligence from Avast CERT that an APT group from India was involved in targeting Pakistani embassies in multiple countries including Brunei, Nepal, Argentina, and Azerbaijan during March-June 2022.
According to the document, the Confucius group spreads malware through spear-phishing emails carrying PDF attachments that contain links to phishing websites. These sites posed as official government websites and supplied passwords for password-protected malicious documents that visitors were lured into downloading.
The malware used in these attacks is built to spy on victims and steal data. Avast CERT found malicious documents whose file names referenced recent events, a lure chosen to persuade embassy staff to open them.
Malicious macros in these documents dropped additional infection stages written in a Microsoft object-oriented language. The macros were also found to deliver several other malware families, including Trojan downloaders, file stealers, QuasarRAT, and custom RATs written in C++.
The PTA CERT has asked government officials to ensure continuous security monitoring of critical infrastructure, services and websites, and to train employees on phishing, social engineering and incident response procedures. It also warned against opening emails that carry enticing content or unknown links.
The authority has instructed government employees to exercise caution with attachments bearing extensions such as .xlsx, .xls, .pdf, .doc, .docx, .exe, .msi, .vb and .bat, among others, and to report suspicious email addresses to their respective organisations, the document added.
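The delivery chain the article describes (a PDF that links out, a downloaded Office document, a macro that drops further stages) and the extension list in the advisory lend themselves to a simple mail-gateway triage. The script below is an added example, not code from the PTA CERT advisory or from Avast. It flags the advisory's extensions, looks inside OOXML documents for a VBA project part, and pulls clickable URLs out of PDFs. The sample attachments are constructed in memory so the script runs offline; the file names and the URL are invented for illustration, and legacy OLE2 files (.doc/.xls) are only flagged by container type because parsing their macro streams would need a library such as oletools.

```python
"""Attachment triage for the phishing chain described in the advisory.

Added example (not the advisory's or Avast's code). Checks three things
the article mentions: risky extensions, VBA macros in Office documents,
and link actions inside PDFs. All sample files are constructed below.
"""
import io
import re
import zipfile

# Extension list from the advisory, normalised with a leading dot.
RISKY_EXTENSIONS = {".xlsx", ".xls", ".pdf", ".doc", ".docx",
                    ".exe", ".msi", ".vb", ".bat"}

# Legacy .doc/.xls are OLE2 compound files; their macro streams are not
# parsed here (assumption: no oletools offline), so they are flagged as a whole.
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"

# /URI actions in an uncompressed PDF. Links hidden in compressed object
# streams are not recovered by this regex.
PDF_URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")


def extension(name: str) -> str:
    """Lower-cased extension including the dot, or '' if there is none."""
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def has_vba_macro(data: bytes) -> bool:
    """True if an OOXML (zip-based) document carries a vbaProject.bin part."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def pdf_uris(data: bytes) -> list:
    """URLs referenced by /URI link actions in a PDF."""
    if not data.startswith(b"%PDF"):
        return []
    return [m.decode("latin-1") for m in PDF_URI_RE.findall(data)]


def triage_attachment(name: str, data: bytes) -> dict:
    """Collect findings for one attachment; 'block' is True if any apply."""
    findings = []
    ext = extension(name)
    if ext in RISKY_EXTENSIONS:
        findings.append(f"risky extension {ext}")
    if has_vba_macro(data):
        findings.append("VBA macro project present")
    if data.startswith(OLE2_MAGIC):
        findings.append("legacy OLE2 container (macro streams not inspected)")
    for url in pdf_uris(data):
        findings.append(f"PDF link to {url}")
    return {"name": name, "findings": findings, "block": bool(findings)}


# --- constructed samples, not real malware -------------------------------
def make_macro_docx() -> bytes:
    """Minimal OOXML zip with a (fake) VBA project part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00fake vba project\x00")
    return buf.getvalue()


def make_clean_docx() -> bytes:
    """Minimal OOXML zip without any macro part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def make_link_pdf(url: str) -> bytes:
    """Tiny uncompressed PDF fragment with a single /URI link action."""
    return (b"%PDF-1.4\n1 0 obj << /Type /Annot /Subtype /Link "
            b"/A << /S /URI /URI (" + url.encode() + b") >> >> endobj\n%%EOF\n")


SAMPLES = {  # invented file names; the URL is a placeholder, not a real IOC
    "Agenda_Brunei_Meeting.docm": make_macro_docx(),
    "Circular.docx": make_clean_docx(),
    "Notice.pdf": make_link_pdf("http://example.invalid/portal/login"),
    "readme.txt": b"plain text, nothing to see",
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(triage_attachment(fname, blob))
```

Note that the macro-bearing sample uses a .docm extension, which is not on the advisory's list: the extension check alone would pass it, and only the container inspection catches it. Treat the list as a prompt for scrutiny, not as an allow-list of what is safe.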