Confucius Targets Pakistani Military With Pegasus Spyware LuresConfucius Targets Pakistani Military With Pegasus Spyware Lures
The threat group conducted a recent spear-phishing campaign that uses Pegasus spyware-related lures to trick victims into opening malicious files.
August 18, 2021
Researchers have observed the Confucius threat group conducting a recent spear-phishing campaign in which attackers used lures related to Pegasus spyware to target Pakistani military.
The campaign was detected during a broader investigation of the Confucius threat actor, report Trend Micro researchers who found it. In the first phase of the two-step attack, an email is sent without a malicious payload containing content copied from a legitimate Pakistani newspaper article. The spoofed sender address mimics the PR department of the Pakistani Armed Forces.
Two days later, a second email arrives disguised as a warning from the Pakistani military about the Pegasus spyware. This email contains a link to a malicious encrypted Word document; the decryption password will be sent to the victim. The sender address spoofs a service similar to the one in the first email.
If the target clicks the malicious document link or the "unsubscribe" link, the Word document is downloaded and a document containing macros displays on the screen after the password is entered. If macros are enabled, malicious code will be noted, researchers explain.
The final payload is a .NET DLL file designed to steal documents and images, and it checks the Documents, Downloads, Desktop, and Pictures folder for every user.
Read the full blog post for more information.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
Defending Corporate Executives and VIPs from Cyberattacks
2021 Gartner Market Guide for Managed Detection and Response Report