Group 21 targeted a range of sectors in South Asia with spear-phishing emails. The emails carried a malicious attachment that dropped a backdoor on the infected system to steal sensitive information. The threat actor has been operating since at least 2017 and relies on several techniques for persistence and defense evasion, including PowerShell, mshta, obfuscation, and scheduled tasks. The campaign comes at a crucial time, when Pakistan and India are progressing towards important aspects of peace negotiations after a tense past year.
Information theft and espionage
Block all threat indicators at your respective controls.
Search for IOCs in your environment.
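Indicators rotate faster than techniques, so the IOC search above is worth pairing with a hunt for the technique chain the summary describes. The following Python is an added example (it is not part of the advisory and is not Group 21's tooling): it runs over constructed Sysmon-style process-creation events and flags an Office application spawning mshta or PowerShell, mshta spawning PowerShell, PowerShell started with encoded-command, hidden-window or execution-policy-bypass flags, and schtasks creating a task whose action is one of those script hosts. The event dictionaries, their field names (image, parent_image, cmdline) and every command line are constructed for the example; map the fields onto your own Sysmon Event ID 1 or EDR schema before running it on real telemetry.

```python
"""Hunt for the Group 21-style technique chain over process-creation events.

Added example. Field names and sample events are constructed assumptions,
not a real product schema or real telemetry.
"""
import base64
import re

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"mshta.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# powershell.exe accepts any unambiguous prefix of a parameter name
# (-e, -enc, -EncodedCommand all work), so flags are matched by prefix.
ENCODED = re.compile(r"(?i)(?:^|\s)-e(?:ncodedcommand|ncoded|nc|n|c)?\s+([A-Za-z0-9+/=]+)")
HIDDEN = re.compile(r"(?i)(?:^|\s)-w[a-z]*\s+hidden")
BYPASS = re.compile(r"(?i)(?:^|\s)-e[a-z]*\s+bypass")
# schtasks /TR "<action>": the program the task will run.
TASK_ACTION = re.compile(r'(?i)/tr\s+(?:"([^"]*)"|(\S+))')

# Constructed sample events (not from any real incident).
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'"WINWORD.EXE" /n "C:\Users\a\Downloads\agenda.docx"'},
    {"image": r"C:\Windows\System32\mshta.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": r"mshta.exe C:\Users\a\AppData\Local\Temp\update.hta"},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r"powershell.exe -NoP -W Hidden -ExecutionPolicy Bypass -EncodedCommand SQBFAFgA"},
    {"image": r"C:\Windows\System32\schtasks.exe",
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r'schtasks.exe /Create /SC MINUTE /MO 15 /TN "OfficeUpdater" '
                r'/TR "mshta.exe C:\Users\a\AppData\Local\Temp\update.hta" /F'},
    {"image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
]


def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def scheduled_task_action(cmdline):
    """Return the /TR action of a schtasks command line, or None."""
    m = TASK_ACTION.search(cmdline)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def decode_encoded_command(cmdline):
    """Decode a -EncodedCommand argument (base64 of UTF-16LE), or None."""
    m = ENCODED.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_event(ev):
    """Return the list of technique tags an event matches (empty if benign)."""
    img, parent, cmd = basename(ev["image"]), basename(ev["parent_image"]), ev["cmdline"]
    tags = []
    if parent in OFFICE_APPS and img in SCRIPT_HOSTS:
        tags.append("office_spawned_script_host")       # malicious attachment stage
    if parent == "mshta.exe" and img in POWERSHELL:
        tags.append("mshta_spawned_powershell")         # HTA handing off to PowerShell
    if img in POWERSHELL:
        if ENCODED.search(cmd):
            tags.append("powershell_encoded_command")   # obfuscation
        if HIDDEN.search(cmd):
            tags.append("powershell_hidden_window")     # defense evasion
        if BYPASS.search(cmd):
            tags.append("powershell_execution_policy_bypass")
    if img == "schtasks.exe" and "/create" in cmd.lower():
        action = scheduled_task_action(cmd) or ""
        if any(host in action.lower() for host in SCRIPT_HOSTS):
            tags.append("schtasks_persists_script_host")  # persistence
    return tags


def hunt(events):
    """Map event index -> tags for every event that matched at least one tag."""
    results = {}
    for i, ev in enumerate(events):
        tags = analyze_event(ev)
        if tags:
            results[i] = tags
    return results


if __name__ == "__main__":
    for idx, tags in hunt(SAMPLE_EVENTS).items():
        print(idx, basename(SAMPLE_EVENTS[idx]["image"]), tags)
        decoded = decode_encoded_command(SAMPLE_EVENTS[idx]["cmdline"])
        if decoded:
            print("   decoded payload:", decoded)
```

Each tag corresponds to one link of the chain (attachment, mshta, PowerShell evasion, scheduled-task persistence), so a host that trips several of them in sequence is a far stronger signal than any one of them alone; the lone `-File` PowerShell launch from cmd.exe is deliberately left unflagged to show the baseline. The decoder expects what `-EncodedCommand` actually takes, base64 over UTF-16LE, so a plain base64 string fed to it returns None rather than garbage.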