Hackers target Afghan government workers with fake correspondence from senior officials

The Record, 20/01/2026, 16:42

Summary

AI-Generated

Key Points:

  • Hackers are targeting Afghan government employees with phishing emails disguised as official correspondence from the prime minister's office, delivering malware known as FalseCub.
  • The campaign impacts Afghan ministries and administrative offices, leveraging forged documents to collect and exfiltrate sensitive data from infected systems.
  • Security teams should implement email filtering solutions, conduct user awareness training on phishing tactics, and monitor for indicators of compromise related to the FalseCub malware.

Technical Details: The phishing campaign utilizes a decoy document that mimics legitimate government communications. Once opened, it deploys the FalseCub malware, which is designed to exfiltrate data. The malware was hosted temporarily on GitHub.

MITRE ATT&CK Techniques:

  • T1566.001 - Phishing: Spearphishing Attachment (Initial Access)
  • T1041 - Exfiltration Over Command and Control Channel (Exfiltration)

IOCs Mentioned:

  • GitHub repository hosting the malware
  • Shortened link used in the campaign
