Wednesday, March 22, 2023

Indian Hackers Attacked NEPRA websites and Other Pakistan Entities Again

The hacking group SideWinder, which also does call APT-C-17 or Rattlesnake, is attacking the Pakistan NEPRA websites once again. At the moment, the WarHawk virus does use to attack the NEPRA website.

A cybersecurity company did call Zscaler ThreatLabz became the first to notice the breach. Here’s what they are to say about the Pakistan-focused WarHawk.

To make sure the Cobalt Strike campaign works, the recently found WarHawk backdoor is already doing an update with new techniques and procedures (TTP). Such as KernelCallBackTable injection and a check for the Pakistan Standard Time zone.

People think that the Rattlesnake is a group of hackers did fund by the Indian government. Kaspersky’s old research shows that the evidence that did lead to the original attribution is already did lose, making it hard to link the hackers to India. It’s true that Indian hackers have often also attacked Pakistan NEPRA websites over the past few years. So this isn’t very surprising.

How it works

In September, Zscaler did find the most recent Rattlesnake attack on Pakistan. In particular, the attackers used a weaponized ISO file found on NEPRA’s server to start a kill chain. That let the WarHawk virus spread. The artifact also did serve as a distraction by showing a real advisory that had been sent out by Pakistan’s Cabinet Division on July 27, 2022.

WarHawk can get into computers by pretending to remain legitimately did install programs like ASUS Update Setup or Realtek HD Audio Manager, both of which are common on Windows computers. By getting users who don’t know what’s going on to open the program. It can send sensitive information about their computers’ systems without them knowing to an attacker’s server.

The command also sends a second-stage payload that checks if the device’s clock is in sync with Pakistan Standard Time (PST). If the time can’t be confirmed and matched, the procedure ends.

There are many more overly complex parts to the hack but in simple terms. It can steal important data from a computer without the administrator knowing about it by pretending to be a harmless application. We’ve can include a link to the full report for those who want to learn more.

This attack hit SNGPL, NADRA, FIA, Customs, the National Health Desk, and also the Ministry of Foreign Affairs.

Based on the data found:

For the SideWinder APT Group’s espionage attacks on their targets of becoming successful. They must keep changing their methods and adding new viruses to their arsenal.

Read more: The icons on Twitter are getting a makeover

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
Latest news
Would love your thoughts, please comment.x