Friday, July 23, 2021

Chinese hacking group IndigoZebra APT Targets Afghan Government

Must Read

Cybersecurity Firm Qualys Confirms Unauthorized Access to Data Using Accellion hacks

Enterprise cloud security firm Qualys has become the latest victim to join a long list of entities to have suffered a...

Helicopter Manufacturer Kopter Hit By Ransomware

Helicopter manufacturer Kopter has fallen Victim to ransomware attack after hackers breached its internal system and encoded the firm's...

Countering Threat Data Overload: The Significance of Curation

Now cybersecurity professionals are confronted with the monumental challenge of navigating an increasingly intricate threat landscape. The mass change...

IndigoZebra APT Targets Afghan Government With fake email and abusing Dropbox API to Mask malicious traffic.

On Thursday, Check Point Research (CPR) said that the Office of the President of Afghanistan, representing President Ashraf Ghani, is being used as a lure in spear-phishing emails designed to infiltrate government agencies in the country, of which a successful attack has led to the compromise of the Afghan National Security Council (NSC).

According to a report published by Check Point Research (CPR) on Thursday, this is just the latest in a long-running operation that goes back as far as 2014, when the same threat actors also targeted the Central-Asian countries of Kyrgyzstan and Uzbekistan.

IndigoZebra first came to light in August 2017 when Kaspersky detailed a covert operation that singled out former Soviet Republics with a wide swath of malware such as Meterpreter, Poison Ivy RAT, xDown, and a previously undocumented piece of malware called xCaon.

Dropbox is being abused as a form of C2 server in the latest version of this backdoor, dubbed “BoxCaon” by CPR.

Using the legitimate Dropbox API helps to mask the malicious traffic in the target’s network, researchers said, given that there are no communications with oddball websites showing up.

a2434345d63481a40f0d145881b41013?s=96&d=mm&r=g
Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

OAIC: Uber found to have interfered with the privacy of over 1.2 million Australians

The Office of the Australian Information Commissioner (OAIC) has determined that Uber Technologies, Inc. and Uber B.V. have interfered...

Over 80 US Municipalities data are exposed due to Misconfigured Amazon S3

A team of Cybersecurity researchers at Wizcase found major data exposure of Over 80 US Municipalities due to the Misconfigured Amazon S3 Bucket. This happened...

Formbook malware Upgraded as an XLoader malware to Attack macOS Systems

Researchers have spotted an upgraded malware variant of Formbook malware which is now Upgraded as an XLoader malware to Attack macOS Systems. Cybersecurity researchers on...

Millions of HP, Samsung, Xerox Printers are Vulnerable to 16 year old bug

A 16-year-old security vulnerability affects Millions of HP, Samsung, Xerox Printers Driver allows attackers to gain admin rights on systems using the vulnerable driver...

MosaicLoader malware targets cracked software via SEO poisoning

New MosaicLoader malware targets users that are searching to download cracked software. Cybercriminals run ad campaigns in search engine results to boost their malicious...

More Articles Like This