Hackers used Shadowpad to target the Pakistani government

August 25, 2023

An unidentified threat group has reportedly used the Shadowpad malware to compromise a Pakistani government application and infect its users. According to the reports, Pakistan suffered a similar attack last year, which compromised an unnamed government agency, a state bank, and a telecom provider.

The researchers described it as a supply-chain attack, since the hackers tampered with third-party software to reach their intended targets. In the recent incident, the attackers altered a Windows Installer (MSI) package built by the Pakistani government for its E-Office application.

The application helps the country's public agencies carry out their work digitally. It is intended only for government agencies and is not publicly available. According to the researchers, the campaign added three files to the legitimate MSI package so that a malicious payload is sideloaded when the package is installed.
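The check a practitioner would want after reading this is a package-integrity diff: compare the file manifest of the vendor's known-good installer with the one being shipped and flag the sideloading pattern described above. The script below is an added example, not the researchers' tooling or anything from the E-Office project. The real file names were not published, so the manifests and file names (EOffice.exe, updater.exe, log.dll, log.dat) are constructed placeholders; the hashes are computed from those constructed contents.

```python
"""Diff two Windows Installer file manifests and flag DLL-sideloading triads.

Added example (not the researchers' tooling): given the file list of a vendor's
known-good package and the list from a suspect package, report files that were
added or altered, then flag the pattern the article describes: an added
unsigned DLL dropped next to a signed executable, plus an added non-executable
blob that could carry the encrypted payload.
"""
import hashlib
import posixpath
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEntry:
    path: str      # path inside the package, forward slashes
    sha256: str    # hex digest of the file contents
    signed: bool   # True if the file carries a valid Authenticode signature


def entry(path: str, content: bytes, signed: bool) -> FileEntry:
    """Build a manifest entry from constructed file contents."""
    return FileEntry(path, hashlib.sha256(content).hexdigest(), signed)


# Constructed manifests. The real package contents are not public; file names
# here are placeholders chosen to illustrate the sideloading pattern.
BASELINE = {
    e.path: e for e in [
        entry("eoffice/EOffice.exe", b"legit-exe-v1", True),
        entry("eoffice/EOffice.dll", b"legit-dll-v1", True),
        entry("eoffice/config.ini", b"[app]\nserver=intranet\n", False),
    ]
}
SUSPECT = {
    e.path: e for e in [
        entry("eoffice/EOffice.exe", b"legit-exe-v1", True),
        entry("eoffice/EOffice.dll", b"legit-dll-v1", True),
        entry("eoffice/config.ini", b"[app]\nserver=intranet\n", False),
        # the three added files (assumed): a signed but unrelated host EXE, an
        # unsigned DLL with a name the host looks for, and an opaque payload blob
        entry("eoffice/updater.exe", b"signed-vendor-tool", True),
        entry("eoffice/log.dll", b"loader-stub", False),
        entry("eoffice/log.dat", b"\x8f\x11encrypted-payload", False),
    ]
}

PE_EXTS = (".exe", ".dll")


def diff_manifests(baseline: dict, suspect: dict) -> dict:
    """Return added, removed and modified paths between two manifests."""
    added = sorted(p for p in suspect if p not in baseline)
    removed = sorted(p for p in baseline if p not in suspect)
    modified = sorted(
        p for p in suspect
        if p in baseline and suspect[p].sha256 != baseline[p].sha256
    )
    return {"added": added, "removed": removed, "modified": modified}


def sideload_candidates(suspect: dict, added: list) -> list:
    """Flag added unsigned DLLs that sit beside a signed EXE in the suspect package.

    Returns (exe_path, dll_path, blob_paths) tuples, one per signed EXE in the
    DLL's directory. blob_paths lists added non-PE files in that directory,
    the usual home of an encrypted payload. Every signed EXE is reported
    because the host could be the app's own binary or a dropped one; checking
    the EXE's import table tells you which.
    """
    hits = []
    added_set = set(added)
    for dll_path in added:
        e = suspect[dll_path]
        if not dll_path.lower().endswith(".dll") or e.signed:
            continue
        d = posixpath.dirname(dll_path)
        exes = [
            p for p, f in suspect.items()
            if posixpath.dirname(p) == d and p.lower().endswith(".exe") and f.signed
        ]
        blobs = sorted(
            p for p in added_set
            if posixpath.dirname(p) == d and not p.lower().endswith(PE_EXTS)
        )
        for exe in sorted(exes):
            hits.append((exe, dll_path, blobs))
    return hits


def analyse(baseline: dict, suspect: dict) -> dict:
    """Full report: manifest diff plus sideload candidates."""
    report = diff_manifests(baseline, suspect)
    report["sideload"] = sideload_candidates(suspect, report["added"])
    return report


if __name__ == "__main__":
    r = analyse(BASELINE, SUSPECT)
    print("added:", r["added"])
    print("modified:", r["modified"])
    for exe, dll, blobs in r["sideload"]:
        print(f"sideload candidate: {exe} may load {dll}; payload blobs: {blobs}")
```

In practice the baseline comes from the vendor's signed release (extract the MSI with `msiexec /a` or `lessmsi` and hash the files), and the `signed` flag from an Authenticode check such as `Get-AuthenticodeSignature`. A clean diff with no added files is the expected result; any added unsigned DLL beside a signed EXE deserves a look at that EXE's imports before the package is deployed.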

The Shadowpad malware emerged over half a decade ago, when researchers found it planted in widely used software through a supply-chain attack.

Researchers explained that Shadowpad is a sophisticated malware family first identified in 2017, when it was found in a supply-chain attack on NetSarang's server-management software; the compromise of the CCleaner computer cleanup tool later that year was linked to the same toolset.

Some researchers attribute the malware's origins to the Chinese espionage group APT41 (also known as Barium). The researchers behind the latest report, however, said they do not yet have enough evidence to link these new attacks to any known threat group.

The attack could also be the work of another China-based group, since the attackers had access to the latest version of Shadowpad, which is not freely available.

Shadowpad has become a shared malware family: since 2019 it has been linked to multiple Chinese espionage groups, such as Earth Akhlut, which makes attribution difficult.

In June, a previously unknown Chinese-speaking threat actor exploited a critical flaw in Microsoft Exchange Server to deploy Shadowpad against telecommunications, manufacturing, and transport organizations in Afghanistan, Malaysia, and Pakistan.

In those attacks, Shadowpad was downloaded onto the compromised machines disguised as legitimate software.

The attacks are still under investigation, so further details may emerge.
