Pakistani Military Organizations Targeted by New Intelligence Tool

According to recent reports, a newly identified hostile tool has targeted military organizations in Pakistan. The tool, which was used to send phishing emails that included weaponized documents, was identified as NewsPenguin, a seemingly new and sophisticated malware.

Once the target opened the email attachment, the lure document would use a remote template injection technique to fetch the next stage from a remote server that only serves the payload to Pakistani IP addresses. The victim is prompted to enable editing in the document, which begins a series of commands to save files and download malicious ones on the victim's computer.

The researchers discovered that the malware waits five minutes between commands, likely another attempt to bypass sandboxes, which typically have a time limit of fewer than five minutes per sample.

Based on received commands, the malware collects and sends information about the machine, runs an additional thread, copies or moves files, deletes files, creates directories, sends the content of files to the server, executes files, and uploads or downloads files from the server.
