An Indian hacking group is targeting Pakistani embassies around the world, according to reliable sources. After receiving threat intelligence from Avast CERT, the Pakistan Telecommunication Authority’s (PTA) Computer Emergency Readiness Team (CERT) issued an advisory that an APT group from India was involved in targeting Pakistani embassies in multiple countries, including Brunei, Nepal, Argentina, and Azerbaijan, between March and June 2022.
According to the document, the Confucius group spreads malware by sending spam emails with PDF attachments that contain links to phishing websites. These sites posed as official government websites and provided passwords for malicious documents that site visitors could download.
The malware used in the cyber-attacks is programmed to spy on victims and steal data. The regulator’s Avast CERT discovered malicious documents with various names relevant to recent events.
The APT group dropped additional infection stages written in Microsoft’s object-oriented programming (OOP) language via malicious macros in documents. It was also discovered that the macros drop a variety of other malware families, including trojan downloaders, file stealers, QuasarRAT, and a custom RAT written in C++.
PTA CERT has demanded that government officials ensure regular security monitoring of vital infrastructure, services, and websites, as well as phishing, social engineering, and incident response training for employees. It also recommended against sending emails with tempting content or unknown links.
According to the document, the authority has instructed government employees to be cautious when working with file extensions such as .xlsx, .xls, .pdf, .doc, .docx, .exe, .msi, .vb, .bat, and others, and to report bad email addresses to their respective organizations.