Security experts at Trustwave have shared their findings of a recent data breach suffered by a Pakistani government website. The attackers used the Scanbox Framework, the intrusion is similar to another attack that last week hit the Bangladeshi Embassy in Cairo.
Experts at Trustwave uncovered the infection on March 2, 2019:
“Our earliest detection of Scanbox on this Pakistani government site was on March 2nd, 2019 and though we can’t say for sure how long before that Scanbox has been gathering information, we know with certainty that on that day alone Scanbox managed to collect information on at least 70 unique site visitors, about a third of them with recorded credentials.” reads the analysis published by Trustwave.
The application simply collects data from the host and send it to the command and control server, in particular, it is able to detect the applications running on the targeted machine and information that could be used later by an attacker to serve specific exploits.
Scanbox has numerous plugins that could be used to enumerates software installed in the system (e.g. Flash versions, Flash versions, etc.).
Most of the victims of the hack were, of course, Pakistani citizens, followed by Saudi Arabia, the United States, and China.
Most of AV solutions were not able to detect the infection, Trustwave revealed that on the day it discovered the Scanbox infection, attackers obtained information about 70 unique visitors and login credentials of about one-third of them.
“These recent cases raise concerns regarding the security of government sites, especially ones where services provided online may involve access to sensitive information. From the perspective of an APT, a tool like Scanbox would only be the beginning of a potentially more elaborate
This isn’t the first time that Pakistan entities are under attack, in November security firm Cylance uncovered a sophisticated state-sponsored campaign, tracked as Operation Shaheen, against the Pakistan Air Force.
In November, Group-IB experts a new large set of compromised payment
In February, Group-IB experts discovered new databases with a total of 69,189 Pakistani
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.