| Category | Details |
|---|---|
| Threat Actors | Mysterious Elephant (also tracked as APT-K-47), likely originating from South Asia. |
| Campaign Overview | Espionage campaign targeting Pakistani entities using improved Asyncshell payloads. |
| Target Regions | Pakistan (primarily), with previous victims in Bangladesh and Turkey. |
| Methodology | Phishing emails carrying malicious ZIP attachments that bundle a password-protected archive with a decoy document; decoy content is hosted on legitimate websites so the lure itself does not trip detection. |
| Product Targeted | Windows systems (a WinRAR vulnerability was exploited in the Asyncshell delivery chain); other platforms are not confirmed and are only suggested by the existence of several Asyncshell variants. |
| Malware Reference | Asyncshell payload (four versions identified); ORPCBackdoor (used in earlier campaigns). |
| Tools Used | Asyncshell payloads, phishing emails, password-protected archives, decoy documents hosted on legitimate websites. |
| Vulnerabilities Exploited | WinRAR vulnerability (exact details not specified). |
| TTPs | Phishing with password-protected archives, which gateway antivirus cannot open; decoy documents served from legitimate websites to bypass antivirus; attack chains and payloads upgraded over time (four Asyncshell versions observed). |
| Attribution | Likely South Asia-based; linked to SideWinder, Confucius, and Bitter, groups that researchers have associated with Indian state-sponsored activity. |
| Recommendations | Tighten email filtering and monitoring for phishing: quarantine or detonate attachments that contain password-protected or nested archives rather than passing them through unscanned; patch WinRAR and other client software promptly; use threat intelligence to track Mysterious Elephant's evolving tooling and respond to new variants. |
| Source | The Record |
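The Methodology and Recommendations rows describe an attachment that pairs a decoy document with a password-protected archive, so the payload is never opened by a scanner. The following script is an added example, not code from The Record or from the researchers who analysed the campaign: it walks a ZIP attachment, reports nested archives and entries with the ZIP encryption bit set, and returns a gateway verdict. The sample attachment, the entry names, the extension lists, the finding tags and the block/detonate/allow policy are all constructed here for illustration; Python's zipfile cannot write password-protected archives, so the sample patches the encryption flag into the headers instead.

```python
"""Triage an e-mail ZIP attachment for the nested, password-protected archive
pattern (decoy document + encrypted archive holding the payload).
Added illustration; not code from the source article or the researchers."""
import io
import zipfile

# Magic bytes of archive formats worth flagging when found inside a ZIP entry.
ARCHIVE_MAGIC = {
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07\x00": "rar4",
    b"Rar!\x1a\x07\x01\x00": "rar5",
    b"7z\xbc\xaf\x27\x1c": "7z",
}
DOC_EXT = (".pdf", ".doc", ".docx", ".rtf", ".xls", ".xlsx", ".ppt", ".pptx")
EXEC_EXT = (".exe", ".scr", ".dll", ".lnk", ".bat", ".cmd", ".js", ".vbs", ".hta", ".ps1")
ENCRYPTED = 0x01  # general-purpose bit 0 in ZIP local and central headers


def archive_kind(head: bytes):
    """Identify a nested archive from its first bytes, or return None."""
    for magic, kind in ARCHIVE_MAGIC.items():
        if head.startswith(magic):
            return kind
    return None


def triage_zip(data: bytes, depth: int = 0, max_depth: int = 3):
    """Walk a ZIP and return (finding, entry_path) tuples, recursing into
    nested ZIPs. Encrypted entries are reported but never opened: without the
    password the gateway cannot see the payload, which is exactly the evasion."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("not_a_zip", "")]
    findings = []
    with zf:
        for zi in zf.infolist():
            if zi.is_dir():
                continue
            name, lower = zi.filename, zi.filename.lower()
            if lower.endswith(EXEC_EXT):  # entry names stay visible even when encrypted
                findings.append(("executable_entry", name))
            if zi.flag_bits & ENCRYPTED:
                findings.append(("encrypted_entry", name))
                continue
            with zf.open(zi) as fh:
                head = fh.read(8)
            kind = archive_kind(head)
            if kind:
                findings.append((f"nested_archive:{kind}", name))
                if kind == "zip" and depth < max_depth:
                    inner = triage_zip(zf.read(zi), depth + 1, max_depth)
                    findings.extend((f, f"{name}/{n}") for f, n in inner)
            elif lower.endswith(DOC_EXT):
                findings.append(("document", name))
    return findings


def verdict(findings):
    """Assumed gateway policy: block what cannot be scanned, detonate what can."""
    tags = {f for f, _ in findings}
    if "encrypted_entry" in tags or "executable_entry" in tags:
        return "block"
    if any(t.startswith("nested_archive") for t in tags):
        return "detonate"
    return "allow"


def build_flagged_zip(name: str, payload: bytes) -> bytes:
    """Constructed test data: a one-entry ZIP with the 'encrypted' bit set.
    zipfile cannot write password-protected archives, so the bit is patched
    into the local header (offset 6) and central directory header (offset 8);
    the entry is not really encrypted, which is enough to exercise the check."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, payload)
    data = bytearray(buf.getvalue())
    data[6] |= ENCRYPTED
    data[data.find(b"PK\x01\x02") + 8] |= ENCRYPTED
    return bytes(data)


def build_sample_attachment() -> bytes:
    """Constructed sample mimicking the described lure: a decoy PDF next to a
    password-protected archive that holds the executable payload."""
    inner = build_flagged_zip("update.exe", b"MZ" + b"\x00" * 64)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invitation.pdf", b"%PDF-1.4\n% decoy placeholder\n")
        zf.writestr("Attachment.zip", inner)
    return buf.getvalue()


if __name__ == "__main__":
    found = triage_zip(build_sample_attachment())
    for tag, path in found:
        print(f"{tag:22} {path}")
    print("verdict:", verdict(found))
```

The check deliberately stops at an encrypted entry instead of trying passwords from the email body: the point of the pattern is that the payload is unreadable to the gateway, so the presence of such an entry is itself the signal. RAR and 7z inner archives are only identified by signature here; parsing their headers for encryption flags would be the next step in a production filter.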
Read full article : https://therecord.media/south-asian-hackers-target-pakistan-entities-in-espionage-campaign
Disclaimer: The above summary has been generated by an AI language model