According to cybersecurity researchers, the Indian government is currently under attack by a suspected Pakistan-based, possibly state-sponsored threat actor. The report suggests the threat actor is leveraging DISGOMOJI (the same all-in-one espionage tool discovered by Blackberry in connection with an attack campaign mounted by the Transparent Tribe actor), malware written in Golang with the ability to infect Linux systems.
One of the statements read “It is a modified version of the public project Discord-C2, which uses the messaging service Discord for command and control (C2), making use of emojis for its C2 communication.”
A deeper dive into the malware’s mode of operation revealed that it follows the pattern below:
- Command execution on the victim’s device
- Screenshot capture on the victim’s device
- File upload from the victim’s device to a dedicated channel
- File upload from the victim’s device to transfer.sh
- File download on the victim’s device
- Download of a file hosted on oshi.at to the victim’s device
- Location and exfiltration of files with the CSV, DOC, ISO, JPG, ODP, ODS, ODT, PDF, PPT, RAR, SQL, TAR, XLS and ZIP extensions
- Gathering of existing Mozilla Firefox profiles on the victim’s device into a ZIP archive
- Termination of the malware process on the victim’s device.
Smishing Scams Surge in Pakistan as Grandoreiro Banking Trojan Hits Brazil
Smishing Triad, a Chinese-linked threat actor, has expanded its territory beyond the E.U., Saudi Arabia, the U.A.E. and the United States by making Pakistan its latest primary target. A cybersecurity researcher suggested that the attack was financially motivated.
“The group’s latest tactic involves sending malicious messages on behalf of Pakistan Post to customers of mobile carriers via iMessage and SMS. The goal is to steal their personal and financial information.”
A deeper look into the attacker’s mode of operation revealed that the threat actor leverages a stolen database purchased on the dark web to craft enticing messages masquerading as failed package delivery notices for phishing attacks. Unsuspecting victims enter their financial details into a form provided to enable redelivery.
Another statement confirmed, “These scams primarily targeted individuals who were expecting legitimate packages from reputable courier services such as TCS, Leopard, and FedEx.”
Peregrinegp suffered a ransomware attack orchestrated by the Black Suit group. The oil and gas company specializes in natural gas, oil and energy, energy exploration, and oil fields.
Spacebears ransomware group has launched an attack on Lee Trevino Dental. The company has been famous for its devotion to dental care since its inception. Lee Trevino specializes in cleanings, crowns, bleaching, exams, bridges, veneers, dentures, and extractions. The company has over 50 employees and a revenue of 5 million dollars.
Legrand CRM has suffered an attack from Hunters’ ransomware. The company, which has over 50 employees and over $7.1 million in revenue, specializes in Customer Relationship Management Software.