Pak group targets Indian critical infra, cyber security firm warns of phishing attack

A suspected Pakistani group has started modern phishing attacks on India’s sensitive infrastructure such as power, telecom, and finance, according to a leading cybersecurity firm.

Pentapostagma reported that a cybersecurity consultant of Quick Heal Technologies said that a suspected Pakistani group has started a wave of sophisticated phishing attacks targeting India’s crucial infrastructure such as power and telecom.

As per the security consultant, the final intrusion chain begins with a spear-phishing email – an email that is designed to get the user to install a virus, trojan or other malware.

Often, the emails pretend to be from government agencies and come with a fake document attached, such as an IT return, urging the user to download and open it, reported Pentapostagma.

“The email content attempts to lure the user into extracting the attached zip archive. Upon extraction, the user would see a document file which is in fact an extension-spoofed LNK file, which is usually seen as a shortcut,” the company said.

“The user opens the document, the LNK payload gets launched and initiates the malicious activities in the background. To ensure the user is not suspicious, a decoy document is presented to him/her,” it said. LNK is a widely deployed Windows link format that is typically used as a shortcut to launch programs or executables.

“Once the LNK file is launched, it downloads the HTA payload from a compromised domain and executes it via mshta.exe. This HTA file is responsible for showing the decoy document to the user. In addition, it drops an executable of LimShell on disc and executes it.”
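The first stage described above, a zip attachment carrying a shortcut dressed up as a document, can be caught at the mail gateway before the user extracts anything. The following is an added example, not code from the Quick Heal report: it flags archive entries that are shortcuts by name or by content. The list of decoy extensions and the sample archive are assumptions constructed for the illustration.

```python
import io
import zipfile

# Shell Link header: HeaderSize 0x4C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")

# Document-looking extensions shown before the hidden ".lnk" suffix
# (assumed list for this example; tune it for your environment).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def scan_zip_for_lnk(zip_bytes):
    """Return [(entry_name, reason)] for shortcut files found in the archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            parts = info.filename.rsplit("/", 1)[-1].lower().split(".")
            head = b""
            if not info.flag_bits & 0x1:  # encrypted entries cannot be read
                with zf.open(info) as fh:
                    head = fh.read(len(LNK_MAGIC))
            is_lnk_name = parts[-1] == "lnk"
            is_lnk_body = head == LNK_MAGIC
            # Explorer never displays ".lnk", so "x.pdf.lnk" appears as "x.pdf".
            if is_lnk_name and len(parts) >= 3 and parts[-2] in DECOY_EXTS:
                findings.append((info.filename, "double extension ." + parts[-2] + ".lnk"))
            elif is_lnk_body and not is_lnk_name:
                findings.append((info.filename, "LNK content under a non-.lnk name"))
            elif is_lnk_name or is_lnk_body:
                findings.append((info.filename, "shortcut file inside archive"))
    return findings


def build_sample_zip():
    """Constructed sample archive (not a real lure) for exercising the scanner."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ITR_2021.pdf.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("readme.txt", b"constructed benign entry")
        zf.writestr("notes.pdf", LNK_MAGIC + b"\x00" * 56)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_zip_for_lnk(build_sample_zip()):
        print(name, "->", reason)
```

Shortcut files have little legitimate reason to arrive inside an emailed archive, so any finding here is a reasonable trigger for quarantine or analyst review.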

The cybersecurity consultant found that the command and control servers were from Pakistan.

Further investigation revealed that the provider of the IP address is Pakistan Telecommunication Company Limited.

This revelation further strengthens the claim that Operation SideCopy, which is operated by the Transparent Tribe group, is originating in Pakistan. The report further revealed the list of targets that were identified through the analyzed C2s. These targets include critical infrastructure PSUs from the telecom, power and finance sectors.


