A group of hackers linked to Pakistan, known as SideCopy, has attacked the Afghan Ministry of Finance using malicious software called Xeno RAT. This program allows attackers to steal sensitive information, such as credentials and financial data. For citizens, this means financial systems can become vulnerable, affecting the security of personal data or payments. The attack jeopardizes trust in Afghan financial institutions and underscores the need to strengthen cybersecurity.
How Xeno RAT operates on vulnerable systems 🖥️
Xeno RAT is a remote access trojan that, once installed, allows attackers to execute commands, capture keystrokes, and exfiltrate files. It is typically distributed through phishing emails with malicious document attachments. In this case, the attackers targeted ministry servers. Once inside, the malware establishes communication with a command-and-control server, giving attackers full control over the infected system. This type of software is common in cyber espionage and data theft campaigns.
The hacker who wanted to be a public accountant 😅
It seems SideCopy decided to take an intensive finance course, but in their own way. Instead of auditing accounting books, they preferred to audit the ministry's servers. Everything suggests they thought: if we can't manage the budget, at least let's steal the data. The funny thing is, with all that effort, they could have gotten a legitimate job at any bank. But no, they chose the malware path, proving that creative accounting has many interpretations.