
South Asian hackers target Pakistani entities in new espionage campaign



A threat actor known as Mysterious Elephant has been observed targeting Pakistani entities in a new espionage campaign.

The group, also tracked as APT-K-47, has been active since 2022 and likely originates in South Asia, according to a new report from China-based cybersecurity firm Knownsec. The group’s targets and methods are similar to those used by India-linked state-sponsored cyberespionage groups, including SideWinder, Confucius and Bitter, the researchers said.

The hackers delivered an upgraded version of the Asyncshell payload to infected devices as part of their new campaign. The payload was first identified in January, when researchers found a malicious sample exploiting a vulnerability in a popular file archiver tool for Windows (WinRAR). So far, Knownsec has identified four different versions of Asyncshell.

“APT-K-47 has steadily used Asyncshell to launch attack activities since 2023 and has steadily upgraded the attack chain and payload code,” the researchers said.

The exact initial access vector employed by the group in the latest campaign is unknown, but it likely involves phishing emails.

The hackers delivered a malicious payload via a zip file that contained an encrypted archive and a text file with a password. The group likely used this technique to evade detection by antivirus programs, the researchers noted.
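For mail or file gateways, the packaging described above (an encrypted archive shipped next to a text file holding its password) can be flagged by structure alone, without decrypting anything. The following triage sketch is an added example and does not come from the Knownsec report; it assumes the inner archive is itself a ZIP, and the function names, size limits and sample files are hypothetical.

```python
import io
import zipfile

MAX_NOTE_SIZE = 4096                 # assumption: a password note is a small text file
MAX_INNER_SIZE = 50 * 1024 * 1024    # assumption: do not unpack nested members above 50 MB

def inner_zip_is_encrypted(data: bytes) -> bool:
    """True if any member of a nested ZIP has the encryption flag (bit 0) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as inner:
            return any(m.flag_bits & 0x1 for m in inner.infolist())
    except zipfile.BadZipFile:
        return False

def triage_outer_zip(data: bytes) -> dict:
    """Flag an outer ZIP that carries an encrypted nested ZIP next to a small .txt file."""
    with zipfile.ZipFile(io.BytesIO(data)) as outer:
        members = [m for m in outer.infolist() if not m.is_dir()]
        notes = [m.filename for m in members
                 if m.filename.lower().endswith(".txt") and m.file_size <= MAX_NOTE_SIZE]
        locked = [m.filename for m in members
                  if m.filename.lower().endswith(".zip")
                  and m.file_size <= MAX_INNER_SIZE
                  and inner_zip_is_encrypted(outer.read(m))]
    return {"encrypted_archives": locked, "text_notes": notes,
            "suspicious": bool(locked and notes)}

def _make_zip(files: dict, mark_encrypted: bool = False) -> bytes:
    """Build a constructed test ZIP; optionally set the encryption flag on every entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in files.items():
            z.writestr(name, content)
    raw = bytearray(buf.getvalue())
    sig = b"PK\x01\x02"              # central directory header; flags live at offset 8
    pos = raw.find(sig) if mark_encrypted else -1
    while pos != -1:
        raw[pos + 8] |= 0x01
        pos = raw.find(sig, pos + 4)
    return bytes(raw)

# Constructed samples: only the header flag is set, the content is a harmless placeholder.
_inner = _make_zip({"document.bin": b"constructed placeholder"}, mark_encrypted=True)
SAMPLE_SUSPICIOUS = _make_zip({"files.zip": _inner, "password.txt": b"constructed note"})
SAMPLE_BENIGN = _make_zip({"report.zip": _make_zip({"a.csv": b"1,2"}), "readme.txt": b"hi"})
```

A hit is a reason to route the file to sandboxing or manual review rather than a verdict, since password-protected archives with a note are also used legitimately.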

The decoy document was hosted on a Pakistani ministry website and primarily discussed matters related to the celebration of Hajj, the annual Islamic pilgrimage to Mecca.

Researchers haven’t disclosed the specific targets of the campaign or its success. Mysterious Elephant’s previous victims have been based in Pakistan, Bangladesh and Turkey.

For example, in October 2023 the group used phishing attacks to deliver a backdoor called ORPCBackdoor to targets in Pakistan and other countries.

Although this attack has not been directly attributed to India, both countries have previously employed cyberespionage capabilities against one another.

Earlier this year, researchers discovered a campaign linked to hackers allegedly based in Pakistan who had used Android-based malware for six years to target India’s government and Indian companies in the defense and technology sectors.

In February, suspected Indian state-sponsored hackers used romance scams to lure victims in Pakistan into installing malicious apps, which infected their devices with spying malware.
