Thursday, October 21, 2021

Chinese hacking group IndigoZebra APT Targets Afghan Government

IndigoZebra APT targets the Afghan government with fake emails and abuses the Dropbox API to mask malicious traffic.

On Thursday, Check Point Research (CPR) said that the Office of the President of Afghanistan, representing President Ashraf Ghani, is being used as a lure in spear-phishing emails designed to infiltrate government agencies in the country. A successful attack has led to the compromise of the Afghan National Security Council (NSC).

According to the CPR report, this is just the latest in a long-running operation that goes back as far as 2014, when the same threat actors also targeted the Central Asian countries of Kyrgyzstan and Uzbekistan.

IndigoZebra first came to light in August 2017 when Kaspersky detailed a covert operation that singled out former Soviet Republics with a wide swath of malware such as Meterpreter, Poison Ivy RAT, xDown, and a previously undocumented piece of malware called xCaon.

Dropbox is being abused as a form of C2 server in the latest version of this backdoor, dubbed “BoxCaon” by CPR.

Using the legitimate Dropbox API helps to mask the malicious traffic in the target’s network, researchers said, given that there are no communications with oddball websites showing up.
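Because the traffic goes to a trusted service, a domain blocklist will not catch it, but per-process network telemetry can still show which program is talking to the Dropbox API. The following hunt is an added example, not code from CPR or from the original article; the log format, host names, process paths and allowlist are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

# Assumption: the only processes expected to call the Dropbox API in this environment.
ALLOWED_PROCESSES = {"dropbox.exe", "dropboxupdate.exe"}

# Constructed sample telemetry: timestamp, host, process image path, destination host.
SAMPLE_EVENTS = """\
2021-07-01T09:00:01Z,WS-014,C:\\Program Files (x86)\\Dropbox\\Client\\Dropbox.exe,api.dropboxapi.com
2021-07-01T09:00:05Z,WS-014,C:\\Program Files\\Mozilla Firefox\\firefox.exe,www.dropbox.com
2021-07-01T09:02:10Z,WS-022,C:\\Users\\Public\\sample.exe,api.dropboxapi.com
2021-07-01T09:03:10Z,WS-022,C:\\Users\\Public\\sample.exe,CONTENT.dropboxapi.com
2021-07-01T09:04:10Z,WS-022,C:\\Users\\Public\\sample.exe,content.dropboxapi.com.
2021-07-01T09:05:00Z,WS-030,C:\\Windows\\System32\\svchost.exe,dropboxapi.com.example.net
"""

def is_dropbox_api(host):
    """True for dropboxapi.com and its subdomains; tolerant of case and a trailing dot."""
    h = host.strip().lower().rstrip(".")
    return h == "dropboxapi.com" or h.endswith(".dropboxapi.com")

def hunt(log_text, allowed=ALLOWED_PROCESSES):
    """Count Dropbox API connections per (host, process) made by unexpected processes."""
    hits = Counter()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        _ts, host, image, dest = row
        # Name-only allowlisting is spoofable; in production also check path and signer.
        name = image.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if is_dropbox_api(dest) and name not in allowed:
            hits[(host, image)] += 1
    return sorted(hits.items(), key=lambda kv: -kv[1])

if __name__ == "__main__":
    for (host, image), count in hunt(SAMPLE_EVENTS):
        print(f"{host}: {image} made {count} Dropbox API connection(s)")
```

Browser visits to www.dropbox.com and lookalike hosts that merely contain the string are deliberately not matched, so the output is limited to API calls from programs outside the allowlist.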

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc', Priyanshu Vijayvargiya is a cybersecurity analyst, information security professional, developer, and white hat hacker.
