SideWinder, a hacker group that is also known as APT-C-17 or Rattlesnake, often targets Pakistan with malicious cyberattacks and is doing so once again. The hackers now targeted the official website of the National Electric Power Regulatory Authority (NEPRA) with malware called WarHawk.
The hack was originally spotted by cybersecurity experts at Zscaler ThreatLabz. Here is what they said about WarHawk which is specifically tailored to target Pakistan.
The newly discovered WarHawk backdoor contains various malicious modules that deliver Cobalt Strike, incorporating new TTPs such as KernelCallBackTable injection and Pakistan Standard Time zone check in order to ensure a victorious campaign.
SideWinder is suspected to be an Indian hacking group backed by the Indian government. However, older reports from Kaspersky have noted that the evidence that led to this attribution has since disappeared, making it hard to link the hackers to India with certainty. It is also true that Indian hackers have targeted Pakistani entities time and again over the past years, so such a link would come as no surprise.
How it Works
SideWinder's new attack on Pakistan was observed by Zscaler in September. It involved a weaponized ISO file hosted on NEPRA's website, used to kick off a kill chain that delivered the WarHawk malware. The artifact even acted as a decoy to hide the attack by displaying a genuine advisory that the Cabinet Division of Pakistan had shared on July 27, 2022.
WarHawk can disguise itself as legitimate, well-known applications, such as ASUS Update Setup or Realtek HD Audio Manager, which are already present on a large number of Windows laptops. It lures unsuspecting victims into launching the application, which executes code that automatically begins an unauthorized transfer of system metadata to a remote server.
The command execution also delivers a second-stage payload that validates and confirms whether the device's time zone matches Pakistan Standard Time (PST). If it cannot verify a match, the process is terminated.
There are far more technical details involved in the hack, but in simpler terms, it can steal sensitive data from a PC behind the owner's back by posing as an innocent application. If you are interested in the more complex details, we will leave a link to the original report below.
This attack was used to target several major Pakistani government entities such as SNGPL, NADRA, FIA, Customs, the Public Health Desk, and the Ministry of Foreign Affairs.
The researchers concluded:
The SideWinder APT Group is continuously evolving their tactics and adding new malware to their arsenal in order to carry out successful espionage attack campaigns against their targets.