Hackers used Scanbox framework to hack Pakistani Govt’s passport application tracking site

[ March 19, 2019 ]

Security experts at Trustwave have shared their findings on a recent data breach suffered by a Pakistani government website. The attackers used the Scanbox Framework; the intrusion is similar to another attack that hit the Bangladeshi Embassy in Cairo last week.

Attackers injected the Scanbox JavaScript code to steal data about the visitors’ devices and to record visitors’ keystrokes.

The application simply collects data from the host and sends it to the command and control server. In particular, it is able to detect the applications running on the targeted machine and information that an attacker could later use to serve specific exploits.

Scanbox has numerous plugins that can be used to enumerate the software installed on the system (e.g. Flash versions, etc.).

The Scanbox framework is used by multiple APT groups, including the Stone Panda APT group and LuckyMouse, to carry out watering hole attacks.

Most of the victims of the hack were, of course, Pakistani citizens, followed by those from Saudi Arabia, the United States, and China.


 
