Rewterz Threat Alert
January 6, 2021
Severity
High
Analysis Summary
Hardcore Nationalist (HN2), also tracked as the SideWinder APT group and assessed to operate in the interest of the Indian government, has recently been observed targeting the Pakistan Air Force with malicious samples posing as a "PAF Calendar 2021". This is an active campaign against armed forces and government officials that relies on decoy documents. The listed sample is a Windows shortcut (.lnk) carrying a double extension so that it passes for a PDF; Windows Explorer never displays the .lnk extension, even when "hide extensions for known file types" is turned off, so the victim sees only "PAF CALENDER 2021.pdf". The listed URL is hosted on a domain styled to resemble a PAF mail server, and its path ends in "hta", which is consistent with the shortcut fetching a remote HTA rather than opening a document. According to Kaspersky, SideWinder has been active since 2012. The group mainly targets Pakistani and Chinese military and government entities, both Windows machines and mobile phones, often using weaponized Word documents and custom-built mobile apps for information theft and espionage.
Impact
- Information theft
- Espionage
- Exposure of sensitive data
Indicators of Compromise
Filename
- PAF CALENDER 2021[.]pdf[.]lnk
MD5
- 16560f7e2a3e2f53a5b07149cbf50cb0
- 7e7ce69f131454e7099693e23f52eac2
SHA-256
- acd1dfac6760e431d129d2e7799ea790e7eac0582e4bf15c2043e01c37ee29bb
- 69ebff10731537248163d468d9f9203364dbbbf003b6f208970be898354ebf54
SHA-1
- f37e8f87fb1eef8666e6c53854d8f7eabe9540f1
- e5c129f95963be1ec26995b67de3e5abc049c917
URL
- https[:]//paf[.]gov-mail[.]net/13621/1/18844/2/0/0/1390324815/files-b74d99d6/hta
Remediation
- Block all threat indicators (file hashes, lure filename, URL and domain) at your respective controls: endpoint protection, mail gateway, web proxy and DNS.
- Search for the IOCs in your environment, including mail and web-proxy logs for the listed domain and endpoints for the listed hashes and filename.
- Treat shortcut (.lnk) files that arrive with a document-like double extension as suspicious, since Windows hides the .lnk extension from the user.
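The following script is an added example of the "search for IOCs" step and is not part of the Rewterz alert. It takes the hashes, lure filename and URL exactly as listed above, refangs the defanged indicators, hunts a directory tree for hash matches and for document-looking .lnk files (the list of document extensions in the regex is this example's own choice), and greps constructed proxy-log lines for the listed URL and its host. The sample files and log lines it creates are constructed for the demonstration; the placeholder bytes written to the decoy file will not reproduce the alert's hashes, so the demo also adds the placeholder's MD5 to the hash set to exercise that code path.

```python
"""Hunt for the SideWinder IOCs listed in the alert on disk and in proxy logs.

Added example, not code from the original alert. Hashes, filename and URL are
copied from the alert's IOC list; sample files and log lines are constructed.
"""
import hashlib
import os
import re
import tempfile

# Hashes exactly as listed in the alert (MD5, SHA-256, SHA-1), lower-case hex.
IOC_HASHES = {
    "16560f7e2a3e2f53a5b07149cbf50cb0",
    "7e7ce69f131454e7099693e23f52eac2",
    "acd1dfac6760e431d129d2e7799ea790e7eac0582e4bf15c2043e01c37ee29bb",
    "69ebff10731537248163d468d9f9203364dbbbf003b6f208970be898354ebf54",
    "f37e8f87fb1eef8666e6c53854d8f7eabe9540f1",
    "e5c129f95963be1ec26995b67de3e5abc049c917",
}
IOC_FILENAME = "PAF CALENDER 2021[.]pdf[.]lnk"
IOC_URL = "https[:]//paf[.]gov-mail[.]net/13621/1/18844/2/0/0/1390324815/files-b74d99d6/hta"

# Shortcut masquerading as a document: <name>.<docext>.lnk (extension list is an assumption).
DOUBLE_EXT_LNK = re.compile(r"\.(pdf|docx?|xlsx?|pptx?|txt|jpe?g|png)\.lnk$", re.IGNORECASE)


def refang(indicator: str) -> str:
    """Turn a defanged indicator ("[.]", "[:]", "hxxp") back into a matchable string."""
    return indicator.replace("[.]", ".").replace("[:]", ":").replace("hxxp", "http")


def file_hashes(path: str) -> set:
    """MD5, SHA-1 and SHA-256 of one file, so any listed hash type can match."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return {md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()}


def hunt_files(root: str, hashes=IOC_HASHES, lure_name=IOC_FILENAME) -> list:
    """Walk `root`; report (path, reasons) for hash hits, the exact lure name,
    and any other document-looking .lnk file."""
    findings = []
    lure = refang(lure_name).lower()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            if hashes & file_hashes(path):
                reasons.append("hash-match")
            if name.lower() == lure:
                reasons.append("known-lure-filename")
            elif DOUBLE_EXT_LNK.search(name):
                reasons.append("double-extension-lnk")
            if reasons:
                findings.append((path, reasons))
    return findings


def hunt_proxy_log(lines, url=IOC_URL) -> list:
    """Return log lines referencing the listed URL or its host; matching on the
    host as well catches other paths served from the same lookalike domain."""
    full = refang(url).lower()
    host = full.split("//", 1)[1].split("/", 1)[0]
    return [ln for ln in lines if full in ln.lower() or host in ln.lower()]


SAMPLE_PROXY_LOG = [  # constructed lines, not real telemetry
    "2021-01-06T09:12:01Z 10.0.4.17 GET https://paf.gov-mail.net/13621/1/18844/2/0/0/1390324815/files-b74d99d6/hta 200",
    "2021-01-06T09:12:05Z 10.0.4.17 GET https://www.paf.gov.pk/ 200",
    "2021-01-06T09:13:40Z 10.0.4.22 GET https://paf.gov-mail.net/favicon.ico 404",
]


def demo():
    """Run both hunts over constructed input; returns ({basename: reasons}, proxy_hits)."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, refang(IOC_FILENAME)), "wb") as fh:
            fh.write(b"abc")  # placeholder bytes; not the real sample
        with open(os.path.join(tmp, "report.pdf"), "wb") as fh:
            fh.write(b"%PDF-1.4")  # benign document, must not be flagged
        with open(os.path.join(tmp, "invoice.docx.lnk"), "wb") as fh:
            fh.write(b"L\x00\x00\x00")  # another doc-looking shortcut
        # Add the placeholder's MD5 so the hash path is exercised in the demo.
        hashes = IOC_HASHES | {hashlib.md5(b"abc").hexdigest()}
        files = {os.path.basename(p): r for p, r in hunt_files(tmp, hashes)}
    return files, hunt_proxy_log(SAMPLE_PROXY_LOG)


if __name__ == "__main__":
    found, hits = demo()
    for name, why in found.items():
        print(name, why)
    for hit in hits:
        print("proxy hit:", hit)
```

Point `hunt_files` at user profile, Downloads and mail-attachment directories on suspect hosts, and feed `hunt_proxy_log` with exported proxy or DNS logs; a hit on the host alone is worth triaging even if the exact path differs, because the same lookalike domain may serve further stages.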