
Rewterz Threat Alert – Phishing Campaign Targeting Pakistan Government Organizations

June 17, 2020

Severity

High

Analysis Summary

A recent phishing campaign has emerged targeting Pakistan government organizations. It impersonates the Federal Investigation Agency (FIA) and delivers a lure that discusses a Pakistan-China National Network Security Incident Contingency Plan. The malicious document, named National_Network_Security.docx, exploits CVE-2017-0261, a remote code execution vulnerability in Microsoft Office, and drops a JLI backdoor. This ongoing phishing campaign is a continuation of recent cyber attacks conducted by the suspected Indian APT group APT-C-35. The timing of these attacks is critical because of the ongoing tensions between India and China and their neighboring countries. While the subcontinent region remains active due to its security conditions, countries are now more focused on sabotaging and disrupting processes by gaining an advantage over their opponents on the cyber front.


Impact

  • Information theft
  • Exposure of sensitive data

Indicators of Compromise

Filename

  • National_Network_Security[.]docx

IP

  • 185[.]29[.]10[.]117

MD5

  • 9a3c9a9c904fbae3a020be4799cd781c

SHA-256

  • 22960057a38990ed2b0d79b2554c6364f15ea74a8cf1ab257f01e4f39b9851ea

SHA1

  • bbf57e00eaf13cecbab7fa23ebcf13c45833f866

Remediation

  • Block all threat indicators at your respective controls.
  • Install the patch for the security vulnerability CVE-2017-0261 by visiting https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0261
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
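
One way to act on the first remediation item is to refang the indicators listed above and sweep existing logs and quarantined attachments for them. The following is an added example, not part of the Rewterz advisory; the log lines and their field layout are constructed for illustration.

```python
import hashlib
import ipaddress
import re

# Indicators exactly as published in this advisory (defanged form).
ADVISORY_IOCS = {
    "filename": "National_Network_Security[.]docx",
    "ip": "185[.]29[.]10[.]117",
    "md5": "9a3c9a9c904fbae3a020be4799cd781c",
    "sha1": "bbf57e00eaf13cecbab7fa23ebcf13c45833f866",
    "sha256": "22960057a38990ed2b0d79b2554c6364f15ea74a8cf1ab257f01e4f39b9851ea",
}

def refang(value):
    """Turn a defanged indicator (185[.]29...) back into its matchable form."""
    return value.replace("[.]", ".")

IOC_IP = ipaddress.ip_address(refang(ADVISORY_IOCS["ip"]))
IOC_FILENAME = refang(ADVISORY_IOCS["filename"]).lower()
# Whole dotted quads only, so 1185.29.10.117 or 185.29.10.1170 never match.
IPV4_TOKEN = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def line_hits(line):
    """Return the indicator types ('ip', 'filename') seen in one log line."""
    hits = set()
    for token in IPV4_TOKEN.findall(line):
        try:
            if ipaddress.ip_address(token) == IOC_IP:
                hits.add("ip")
        except ValueError:
            continue  # dotted number that is not a valid IPv4 address
    if IOC_FILENAME in line.lower():  # weak indicator: names are easily changed
        hits.add("filename")
    return hits

def hash_hits(data):
    """Return which published digests match the given file content (bytes)."""
    return {alg for alg in ("md5", "sha1", "sha256")
            if hashlib.new(alg, data).hexdigest() == ADVISORY_IOCS[alg]}

def scan(lines):
    """Return (line number, sorted hit types) for every line with a hit."""
    return [(n, sorted(line_hits(l))) for n, l in enumerate(lines, 1) if line_hits(l)]

# Constructed sample log lines; the format is an assumption, not from the advisory.
SAMPLE_LOG = [
    "2020-06-17T09:12:03Z fw allow src=10.1.4.22 dst=185.29.10.117 dport=443",
    "2020-06-17T09:12:09Z fw allow src=10.1.4.22 dst=185.29.10.11 dport=443",
    "2020-06-17T09:13:41Z mail rcpt=user@example.invalid attach=national_network_security.docx",
    "2020-06-17T09:14:00Z fw allow src=10.1.4.30 dst=1185.29.10.117 dport=80",
]
```

A filename hit alone is low confidence; treat a hash match from `hash_hits` or an IP hit as the stronger signal when triaging.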
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.