Government bodies, military entities, telecommunications companies and educational institutions in Pakistan are falling prey to a campaign of spear-phishing documents – targeted, spoofed emails sent to gain unauthorised access to sensitive information – according to a report published in Securelist on Wednesday.
The report added that MuddyWater, a relatively new advanced persistent threat (APT) group that surfaced in 2017 and initially focused on governmental targets in Iraq and Saudi Arabia, carried out a large number of these attacks and demonstrated advanced social engineering.
“We recently noticed a large amount of spear phishing documents that appear to be targeting government bodies, military entities, telcos and educational institutions in Jordan, Turkey, Azerbaijan and Pakistan, in addition to the continuous targeting of Iraq and Saudi Arabia; other victims were also detected in Mali, Austria, Russia, Iran and Bahrain,” the report found. It added that these new documents have appeared throughout 2018, that activity escalated from May onwards, and that the attacks are still ongoing.
The report noted that the malicious decoy documents used in the attacks suggest the campaign is geopolitically motivated, targeting sensitive personnel and organisations.
The attackers use not only random usernames to confuse researchers, but also codenames such as Leo, Poopak, Vendetta and Turk when creating the documents or templates for each region. For instance, Poopak is a Persian girl’s name, or it might suggest the authors are not entirely happy with “Pak”, which could be short for Pakistan.
The MuddyWater group has carried out a large number of attacks and demonstrated advanced social engineering, alongside active development of its attacks and infrastructure and the use of new methods and techniques. The attackers are actively improving their toolkit in an effort to minimise their exposure to security products and services, the report concludes, recommending that staff at targeted organisations be educated about such attacks.
The report also recommends using a proven corporate-grade security solution in combination with anti-targeted-attack solutions that can detect attacks by analysing network anomalies, together with better security tools.