Once again, Pakistan is the target of hostile operations by SideWinder, a hacking group also tracked as APT-C-17 or Rattlesnake. This time, the group's WarHawk malware was delivered through a file hosted on the website of NEPRA, Pakistan's National Electric Power Regulatory Authority.
Cybersecurity researchers were the first to notice the attack. Here is what they had to say about WarHawk, which was built specifically with Pakistani targets in mind. SideWinder is believed to be an Indian hacking group backed by the Indian government.
The material that supported that attribution, according to earlier Kaspersky reports, has since vanished, making it difficult to tie the group to India conclusively. It is also true, however, that Indian hackers have repeatedly attacked Pakistani targets over the previous years, so the latest campaign should not come as a surprise.
In September, a SideWinder attack on Pakistan was discovered. It triggered a kill chain that delivered the WarHawk malware via a weaponised ISO file hosted on NEPRA's website.
The artefact also served as a decoy to conceal the attack: it displayed a genuine advisory issued by Pakistan's Cabinet Division on July 27, 2022. WarHawk can masquerade as popular programs already installed on many Windows PCs, such as ASUS Update Setup or Realtek HD Audio Manager.
Unsuspecting victims are tricked into launching the application, which then runs code that immediately exfiltrates system metadata to a remote server without authorisation.
As part of the command execution, a second-stage payload is also delivered that checks whether the device's time zone corresponds to Pakistan Standard Time (PST). If the time-zone check fails, the process terminates, a geofencing technique that keeps the payload from running (and being analysed) outside the intended target region.