Cybersecurity company ESET has uncovered a cyberattack campaign designed to steal sensitive information from various organizations. The threat appears to be of Indian origin and has been active for at least a couple of years. The attackers reportedly used an apparently legitimate code signing certificate issued by a company based in New Delhi to sign malicious binaries, which helped them spread. The malware spreads through e-mail attachments. The attack is mainly directed at Pakistan, where 79% of detections were recorded. The Indian armed forces seem to be one of the most frequently used topics, as evidenced by a fraudulent PDF file in a self-extracting archive called “pakistandefencetoindiantopmiltrysecreat.exe”. Quite surprisingly, data stolen from infected computers is sent to the attackers' servers without encryption.
Source: GlobalSecurityMag