Alleged Indian Hackers Targeted NADRA, FIA, SNGPL, and Other Govt Entities Once Again

SideWinder, a hacker group also known as APT-C-17 or Rattlesnake, frequently targets Pakistan with malicious cyberattacks and has done so once again. This time the group targeted the official website of the National Electric Power Regulatory Authority (NEPRA) with malware called WarHawk.

The hack was originally spotted by cybersecurity researchers at Zscaler ThreatLabz. Here is what they said about WarHawk, which is specifically tailored to target Pakistan:

The newly discovered WarHawk backdoor contains various malicious modules that deliver Cobalt Strike, incorporating new TTPs such as KernelCallBackTable injection and Pakistan Standard Time zone check in order to ensure a victorious campaign.

Rattlesnake is suspected to be an Indian hacking group backed by the Indian government. However, older reports from Kaspersky have noted that the evidence behind that attribution has since disappeared, making it hard to link the hackers to India with confidence. It is also true that Indian hackers have targeted Pakistani entities repeatedly over the past years, so such a link would come as no surprise.

How it Works

Rattlesnake’s recent attack on Pakistan was spotted by Zscaler in September. It used a weaponized ISO file hosted on NEPRA’s website to trigger a kill chain that deployed the WarHawk malware. The artifact also acted as a decoy, hiding the attack behind a legitimate advisory that the Cabinet Division of Pakistan had shared on July 27, 2022.

WarHawk disguises itself as a legitimate, well-known app such as ASUS Update Setup or Realtek HD Audio Manager, software already present on many Windows PCs. It lures unsuspecting victims into launching the app, which runs code that automatically begins an unauthorized transfer of system metadata to a remote server.

The command execution also delivers a second-stage payload that checks whether the device’s time zone matches Pakistan Standard Time (PST). If the check fails, the process is terminated.
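The two observable traits of the first stage described above, a binary named after a well-known vendor tool and launched from an ISO that the victim mounted, are what a defender can look for in process-creation telemetry. The following is an added example written for this article, not code from Zscaler's report or from the malware; the log events are constructed, the impersonated product names are taken from the article, and the trusted install directories and the "ISO-backed drive" attribute are assumptions about what your endpoint telemetry provides.

```python
"""Detection heuristic for a WarHawk-style lure: a decoy installer
launched from a mounted ISO. Added example with constructed data."""
import ntpath

# Product names the article says WarHawk impersonates (matched case-insensitively
# against the image file name; exact on-disk names are an assumption).
IMPERSONATED_NAMES = ("asus update", "realtek hd audio")

# Directories where those vendor tools are legitimately installed (assumption).
TRUSTED_DIRS = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\",
)


def impersonates_vendor_tool(image_path: str) -> bool:
    """True if the executable's file name borrows a known vendor product name."""
    name = ntpath.basename(image_path).lower()
    return any(product in name for product in IMPERSONATED_NAMES)


def in_trusted_dir(image_path: str) -> bool:
    """True if the executable lives under an expected install location."""
    lowered = image_path.lower()
    return any(lowered.startswith(prefix) for prefix in TRUSTED_DIRS)


def classify(image_path: str, iso_backed_drives: set[str]) -> list[str]:
    """Return the reasons a process-creation event is suspicious (empty if none).

    iso_backed_drives: drive letters (e.g. "E:") that a separate mount event
    reported as virtual optical drives backed by an ISO file (assumed telemetry).
    """
    reasons = []
    drive = ntpath.splitdrive(image_path)[0].upper()
    if drive in iso_backed_drives:
        reasons.append(f"launched from ISO-backed drive {drive}")
    if impersonates_vendor_tool(image_path) and not in_trusted_dir(image_path):
        reasons.append("vendor-tool name outside trusted install dirs")
    return reasons


def run_detection(events: list[dict], iso_backed_drives: set[str]) -> dict[str, list[str]]:
    """Map each flagged image path to its reasons; clean events are omitted."""
    findings = {}
    for event in events:
        reasons = classify(event["image"], iso_backed_drives)
        if reasons:
            findings[event["image"]] = reasons
    return findings


# Constructed sample telemetry (not real events from the campaign).
ISO_BACKED_DRIVES = {"E:"}  # constructed: mount event said E: is an ISO
SAMPLE_EVENTS = [
    # decoy-named installer started straight from the mounted ISO
    {"image": "E:\\ASUS Update Setup.exe"},
    # the genuine tool running from its install directory: should not fire
    {"image": "C:\\Program Files (x86)\\ASUS\\ASUS Update\\ASUS Update Setup.exe"},
    # same decoy naming, but dropped into the user's temp directory
    {"image": "C:\\Users\\user\\AppData\\Local\\Temp\\Realtek HD Audio Manager.exe"},
    # unrelated system process: should not fire
    {"image": "C:\\Windows\\System32\\notepad.exe"},
]

if __name__ == "__main__":
    for image, reasons in run_detection(SAMPLE_EVENTS, ISO_BACKED_DRIVES).items():
        print(image, "->", "; ".join(reasons))
```

Because the second stage gates itself on the Pakistan Standard Time zone, a detonation sandbox whose clock is set elsewhere may never show the later behaviour, so catching the lure stage in endpoint telemetry matters more than usual here.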

There are far more technical details involved in the hack, but in simpler words, it steals sensitive data from a computer without the administrator noticing by posing as an innocent app. If you are interested in the finer details, we will leave a link to the original report below.

This attack was used to target several major Pakistani government entities such as SNGPL, NADRA, FIA, Customs, National Health Desk, and the Ministry of Foreign Affairs.

The researchers concluded:

The SideWinder APT Group is continuously evolving their tactics and adding new malware to their arsenal in order to carry out successful espionage attack campaigns against their targets.

More technical details can be found in Zscaler ThreatLabz’s original report.
