It abuses legitimate company certificates to sign the executable and deceive antivirus software. The malware infection chain is triggered by the email attachment.
Cylance: Members of the Pakistani Air Force have been targeted by state-sponsored hackers dubbed The White Company in a campaign called Operation Shaheen. The new APT possesses considerable resources.
Members of the Pakistani Air Force have been targeted by state-sponsored hackers. The campaign, which Cylance security researchers uncovered and named Operation Shaheen, is attributed to a group they call The White Company. The new APT could be linked to India, but there are other possibilities; in fact, many nations have an interest in spying on the country's secrets. The group possesses considerable resources that support the likelihood that it is state-sponsored: access to zero-day exploit developers and (potentially) zero-day exploits; a complex, automated exploit build system; the ability to modify, refine, and evolve exploits to meet mission-specific needs; and the capacity for advanced reconnaissance of targets. Furthermore, it targets and effectively evades multiple antivirus products (including Sophos, ESET, Kaspersky, BitDefender, Avira, Avast, and Quick Heal) before turning them against their owners by deliberately surrendering to them on specific dates in order to distract, delay, and divert resources.
The cyber espionage campaign, which has lasted for at least a year, targeted members of the Pakistan Air Force with spear-phishing messages that weaponized lure files on topics of interest to the targets.
In Operation Shaheen, White Company hackers targeted members of the Pakistan Air Force with spear-phishing messages. They weaponized lure files whose names referenced events, government documents, or news articles of interest to the targets, Security Affairs reports. Attackers initially used phishing messages with links to compromised websites, then switched to emails carrying infected Word documents as attachments. In both cases, the Cylance security researchers found that the emails were specifically crafted to reference topics that would appeal to the targets, from the Pakistani Air Force to the government to the Chinese military and advisers in Pakistan, so the attacks were highly targeted. The malware used in the campaign implements five different packing techniques that placed the final payload within a series of layers, and the cyber espionage lasted at least a year before being uncovered.