Pakistani Hacker Targets Indian And Afghan Govt Portals To Steal Credentials: Report
This revelation came after Meta had recently announced that it had initiated action against four separate Pakistani and Syrian malicious cyber groups.
New Delhi: A threat actor from Pakistan successfully socially engineered several ministries in Afghanistan and a shared government computer in India to stealthily obtain confidential information and gain access to Twitter, Facebook and Google credentials of its targets, reported IANS.
Anti-malware software company Malwarebytes, in its latest findings, detailed the new methods and tools adopted by the APT group known as SideCopy. The group is so named because it attempts to mimic the infection chains associated with another group, SideWinder, in order to mislead attribution.
Malwarebytes researcher Hossein Jazi said, "The lures used by SideCopy APT are usually archive files that have embedded one of these files: LNK, Microsoft Publisher or Trojanized Applications." The report stated that the embedded files were tailored to target government and military officials based in India and Afghanistan.
This revelation came after Meta recently announced that it had initiated action against four separate Pakistani and Syrian malicious cyber groups that were found targeting people in Afghanistan, including journalists, humanitarian organisations and anti-regime military forces, as reported by The Hacker News.
The report stated that some of the prominent attacks were aimed at people associated with the Administration Office of the President of Afghanistan, the Ministry of Affairs, the Ministry of Finance and the National Procurement Authority, resulting in the theft of social media passwords and password-protected documents. It was reported that SideCopy also hacked into a shared computer in India and harvested credentials from government and education services.
The report further said that the threat actor is said to have gained access to several Microsoft Office documents, which included names, numbers and email addresses of officials, and to databases containing information about identity cards, diplomatic visas and asset registrations from Afghan government websites. The threat actor is expected to use this material as future decoys or to fuel further attacks against the individuals, as per the report.