Once again, Pakistani websites are the target of cyber attacks by Sidewinder – a hacker group also known as APT-C-17 or Rattlesnake – believed to be backed by the Indian government.
The latest victim was Nepra’s website, in an attack that used the Warhawk malware.
Security professionals at Zscaler ThreatLabz were the first to notice the attack. Here’s what they had to say about Warhawk, which was specifically designed with Pakistan in mind.
“The newly discovered Warhawk backdoor includes various malicious modules that Cobalt Strike delivers, including new TTPs such as KernelCallBackTable injection and Pakistan Standard Time Zone checks to ensure a winning campaign.”
However, earlier Kaspersky investigations have shown that the content supporting the attribution has since disappeared, making it difficult to link the hackers to India.
But it is also true that Indian hackers have repeatedly attacked Pakistani websites over the years, so this should not be shocking.
The attack targeted several major government agencies of Pakistan, such as SNGPL, NADRA, FIA, Customs, National Health Desk, and Ministry of External Affairs.



