[ March 19, 2019 ]
Security experts at Trustwave have shared their findings on a recent data breach suffered by a Pakistani government website. The attackers used the Scanbox Framework, and the intrusion is similar to another attack that hit the Bangladeshi Embassy in Cairo last week.
The application simply collects data from the host and sends it to the command and control server. In particular, it is able to detect the applications running on the targeted machine and information that could be used later by an attacker to serve specific exploits.
Scanbox has numerous plugins that could be used to enumerate software installed on the system (e.g. Flash versions, etc.).
The Scanbox framework is used by multiple APT groups, including the Stone Panda APT group and LuckyMouse, to carry out watering hole attacks.
Most of the victims of the hack were, of course, Pakistani citizens, followed by victims in Saudi Arabia, the United States, and China.