APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware
Nov 22, 2024
Cyber Attack / Malware
The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asyncshell. The attack campaign is said to have used Hajj -themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis published today. Mysterious Elephant, which is also known as APT-K-47, is a threat actor of South Asian origin that has been active since at least 2022, primarily targeting Pakistani entities. The group's tactics and tooling have been found to share similarities with those of other threat actors operating in the regions, such as SideWinder, Confucius, and Bitter. In October 2023, the group was linked to a spear-phishing campaign that delivered a backdoor called ORPCBackdoor as part of attacks directed against Pakistan and other countries. The exact initial access vector employed by Mysterious Elephant in the latest campaign is not known, but ...