Pakistan has been the target of cyberattacks by a state-sponsored advanced persistent threat (APT) hacking group from India.
The APT group is targeting military and government organisations to steal information, according to an advisory from the National Telecommunication & Information Security Board (NTISB).
The group is spreading malware through phishing emails with the subject line “Cyber Security Advisory for Government Entities (Advisory No.54)”.
According to the warning, the hackers send spear-phishing emails that trick users into downloading phoney cyber security advisories. The emails are crafted to look as though the Prime Minister’s Office has issued a cyber security advisory. Each email includes a malicious attachment that comes from a fake Pakistan Army website with the URL https://pakistanarmy(.)xyx, which resembles PakistanArmy.gov.pk, the official website of the Pakistan Army.
The advisory says the hackers have also been known to include a link to a “Security Patch Application” for government employees with their fake advisories. Any government official who clicks the link and downloads such a fake application leaves their entire system open to attack.
The malware in question, according to the NTISB, is of the Trojan or Backdoor variety: when the downloaded file is executed, it fetches a second-stage payload. The malware is capable of both data retrieval and remote control of the computer.
The NTISB has advised blocking the URL https://pakistanarmy(.)xyx at local firewalls. The advisory also suggested educating employees at various civil and military organisations about these phishing attacks and putting the necessary safety precautions in place.
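
A triage check for the lookalike-domain pattern described above, as an added example that is not part of the NTISB advisory or the original article: it refangs indicators pulled from mail or proxy logs, then separates the blocked host, the official domain and other hosts that reuse the `pakistanarmy` label. Only the two domains named in the article are real; the other sample indicators are constructed and the function names are illustrative.

```python
from urllib.parse import urlsplit

# Both values come from the article; everything else below is constructed.
OFFICIAL_DOMAINS = {"pakistanarmy.gov.pk"}
BLOCKED_HOSTS = {"pakistanarmy.xyx"}

def refang(indicator: str) -> str:
    """Undo common defanging such as (.) [.] and hxxp."""
    s = indicator.strip()
    for defanged, real in (("(.)", "."), ("[.]", "."), ("hxxp", "http")):
        s = s.replace(defanged, real)
    return s

def host_of(indicator: str) -> str:
    """Return the lower-cased hostname of a URL or bare host, or ''."""
    s = refang(indicator)
    if "://" not in s:
        s = "//" + s  # lets urlsplit treat a bare host as a netloc
    return (urlsplit(s).hostname or "").rstrip(".")

def _is_or_under(host: str, domains: set) -> bool:
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(indicator: str) -> str:
    host = host_of(indicator)
    if not host:
        return "unparsed"
    if _is_or_under(host, BLOCKED_HOSTS):
        return "blocked"
    if _is_or_under(host, OFFICIAL_DOMAINS):
        return "official"
    # Brand label = leftmost label of each official domain ("pakistanarmy").
    brands = {d.split(".")[0] for d in OFFICIAL_DOMAINS}
    labels = [label.replace("-", "") for label in host.split(".")]
    if any(b in label for b in brands for label in labels):
        return "lookalike"  # brand reused outside the official domain
    return "unrelated"

def triage(indicators):
    return {i: classify(i) for i in indicators}

if __name__ == "__main__":
    samples = [  # constructed sample indicators, except the first two hosts
        "https://pakistanarmy(.)xyx",
        "https://PakistanArmy.gov.pk/",
        "hxxps://pakistanarmy[.]gov[.]pk[.]example[.]net/login",
        "http://pakistan-army.test/",
        "https://www.example.org/",
    ]
    for indicator, verdict in triage(samples).items():
        print(f"{verdict:10} {indicator}")
```

Hosts reported as `lookalike` are candidates for review rather than automatic blocking, since a substring match on the brand label can also hit legitimate third-party sites.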