Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military

Trend Micro

By: Daniel Lunghi, August 17, 2021

While investigating the Confucius threat actor, we found a recent spear phishing campaign that uses Pegasus spyware-related lures to entice victims into opening a malicious document that downloads a file stealer. The NSO Group’s spyware spurred a collaborative investigation that found that it was being used to target high-ranking individuals in 11 different countries.

In this blog entry, we take a look at the lures used by the malicious actor and provide a short analysis of the file stealer used in the campaign, which was launched in early August.

The contents of the spear phishing email

The campaign involves a two-step attack. During the first phase, the target is sent an email that carries no malicious payload and contains content copied from a legitimate Pakistani newspaper’s article. The

Read More: https://www.trendmicro.com/en_us/research/21/h/confucius-uses-pegasus-spyware-related-lures-to-target-pakistani.html