Scare Force: Pakistan military hit by Operation Shaheen malware
State-sponsored attack looks to infiltrate nuclear Air Force
The Pakistan Air Force is the apparent target of a complex new state-sponsored attack campaign.
Security house Cylance said this week a state-sponsored group – dubbed the White Company by researchers – has been looking to get into the networks of the Pakistani military in a long-term targeted attack campaign known as Operation Shaheen.
Over the last year, Cylance claims, the White Company group has been targeting members of the Air Force with phishing emails that contain remote access trojans which, in turn, install logging and command-and-control malware payloads if activated.
Operating in part behind the facade of a Belgian locksmith business, Operation Shaheen had at first sent out phishing emails with links to compromised websites, then later switched to emails with infected Word documents attached.
In both cases, the researchers found, the emails were specifically crafted around topics that would be relevant and appealing to the targets: the Pakistani Air Force, the Pakistani government, and Chinese military personnel and advisers in Pakistan.
"We cannot say with precision where those documents went, or which were successful. However, we can say that the Pakistan Air Force was a primary target," Cylance said.
"This is evident by the overriding themes expressed in document file names, the contents of the decoy documents, and the specificity employed in the military-themed lures."
Once a machine is infected, the malware looks to cover its tracks by wrapping the payload within multiple packing layers and by evading antivirus packages; at the time of the report it went undetected by Sophos, ESET, Kaspersky, BitDefender, Avira, Avast, AVG, and Quickheal.
This has led the researchers to conclude that the group behind Operation Shaheen, the White Company, is a state-sponsored group with ample resources to carry out extended espionage campaigns.
Nailing down who exactly is behind the group, however, is proving more difficult for Cylance, as there is no shortage of groups, both domestic and foreign, who would have an interest in spying on the Pakistani Air Force.
"Pakistan is a tumultuous, nuclear-armed nation with a history of explosive internal politics. Their position on the geopolitical chessboard makes them an obvious target of all the nation states with well-developed cyber programs (i.e. the Five Eyes, China, Russia, Iran, DPRK, Israel)," the Cylance report notes.
"They also draw attention from emerging cyber powers like India and the Gulf nations." ®