Hackers Exploit Religious Pilgrimage to Deploy Sophisticated Malware Attack

Mysterious Elephant (also known as APT-K-47), a South Asian threat actor, has launched a sophisticated cyber attack campaign using an upgraded version of the Asyncshell malware. Key points:

Attack Details:
– Uses Hajj-themed bait to deceive victims
– Delivers malware through Microsoft CHM files
– Targets primarily Pakistani entities
– Active since 2022

Technical Aspects:
– Attack delivers two files:
1. A CHM file (appearing as 2024 Hajj policy information)
2. A hidden executable
– Shows legitimate Pakistan Ministry document as decoy
– Executes malicious payload in background
– Uses cmd shell to connect with remote server

Malware Evolution:
– Four versions of Asyncshell identified
– Capabilities include cmd and PowerShell command execution
– Shifted from TCP to HTTPS for C2 communications
– Exploits WinRAR vulnerability (CVE-2023-38831)
– Implements variable C2 addresses instead of fixed ones
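The two delivery chains the summary describes, a CHM file (opened by the Microsoft HTML Help viewer, hh.exe) that launches a cmd shell, and a WinRAR archive that launches a payload, both leave a distinctive parent/child process relationship in endpoint telemetry. The following detection script is an added example for this article, not code from the article or from the threat actor. It runs over constructed Sysmon-style process-creation records (the field names ParentImage, Image, CommandLine and UtcTime mirror Sysmon Event ID 1; the sample events themselves are made up for illustration) and flags a help viewer or archive handler spawning a command interpreter.

```python
"""Flag process chains matching the Asyncshell delivery described in the summary:
hh.exe (CHM) -> cmd/PowerShell, and WinRAR -> cmd/PowerShell.

Added example for this article, not the article's or the actor's own code.
Field names follow Sysmon Event ID 1 (ProcessCreate); the events in
SAMPLE_EVENTS are constructed, not captured from a real incident.
"""
import json
import ntpath
from typing import List, Optional, Tuple

# Parent images that should not normally spawn an interactive shell.
# The tag is the detection name reported for that chain.
SUSPICIOUS_PARENTS = {
    "hh.exe": "chm-spawns-shell",        # Microsoft HTML Help viewer (CHM lure)
    "winrar.exe": "archive-spawns-shell", # archive handler (summary cites CVE-2023-38831)
}

# Command interpreters the summary says Asyncshell uses (cmd and PowerShell).
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def classify(event: dict) -> Optional[str]:
    """Return a detection tag if the event is a suspicious parent->shell chain."""
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    tag = SUSPICIOUS_PARENTS.get(parent)
    if tag and child in SHELLS:
        return tag
    return None


def scan(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Parse JSON event lines and return (time, tag, image, command line) hits.

    Malformed lines are skipped rather than aborting the scan, so one bad
    record in a log export does not hide the rest.
    """
    findings = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        tag = classify(ev)
        if tag:
            findings.append((ev.get("UtcTime", ""), tag,
                             ev.get("Image", ""), ev.get("CommandLine", "")))
    return findings


# Constructed sample telemetry (placeholder host names and paths).
SAMPLE_EVENTS = [
    json.dumps({"UtcTime": "2024-01-01 10:00:01", "ParentImage": r"C:\Windows\hh.exe",
                "Image": r"C:\Windows\System32\cmd.exe",
                "CommandLine": "cmd.exe /c start /b example.exe"}),
    json.dumps({"UtcTime": "2024-01-01 10:00:05", "ParentImage": r"C:\Windows\explorer.exe",
                "Image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
                "CommandLine": "WINWORD.EXE /n"}),
    json.dumps({"UtcTime": "2024-01-01 10:02:30",
                "ParentImage": r"C:\Program Files\WinRAR\WinRAR.exe",
                "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "CommandLine": "powershell.exe -w hidden"}),
    json.dumps({"UtcTime": "2024-01-01 10:03:00", "ParentImage": r"C:\Windows\explorer.exe",
                "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"}),
    "not json at all",
]


if __name__ == "__main__":
    for when, tag, image, cmdline in scan(SAMPLE_EVENTS):
        print(f"{when} {tag}: {image} -> {cmdline}")
```

In a real deployment the same logic maps directly onto a SIEM or EDR rule on parent/child image names; administrative scripts that legitimately launch hh.exe or WinRAR from a shell do not match, because the rule keys on the help viewer or archiver being the parent of the shell, not the other way round.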

The group shares similarities with other regional threat actors (SideWinder, Confucius, and Bitter) and demonstrates increasing sophistication in its attack methodologies and tool development.
