Operation Cobalt Whisper: Threat Actor Targets Multiple Industries Across Hong Kong and Pakistan

Description

A sophisticated cyber espionage campaign dubbed Operation Cobalt Whisper has been uncovered, targeting various industries in Hong Kong and Pakistan. The threat actor focuses on the defense sector, engineering researchers, and key entities in these regions, using tailored lures related to electrotechnical societies, energy infrastructure, and environmental engineering. The campaign heavily relies on Cobalt Strike for post-exploitation, deploying it through obfuscated VBScript. The attack chain involves malicious LNK files, VBScript, and Cobalt Strike beacons. The operation has been active since May 2024, with over 20 infection chains identified. The threat actor's tactics suggest a methodical approach to cyber-espionage, aiming to compromise sensitive research and intellectual property.