Reportedly, threat actors are targeting government and military personnel by impersonating the Ministry of Finance, spreading fake letters/memoranda via email regarding a "Deduction of 2x Days Salary from the Federal Government Employees to be Debited to the Prime Minister's Flood Relief Donation for Earthquake Affected Turkey and Syria".
An APT group may frequently change its tactics, techniques and procedures (TTPs). In continuation of the advice forwarded to all colleagues, users must be aware of ongoing malicious phishing campaigns and take preventive measures that include, but are not limited to, the following:
Anti-Phishing Email Guidelines for Users:
- Always re-verify, via a secondary channel (call, SMS, in person), that a trusted user actually sent an email/attachment before downloading it; a familiar display name or address can be spoofed
- Report any suspicious activity to IT Service Desk or SOC immediately
- Never keep critical data on internet-connected systems; store it on standalone (air-gapped) systems
- Never open unknown and suspicious emails, links and attachments
- Use the email service provider's anti-virus scanner before downloading any attachment (trusted ones too)
- Promptly update all applications and operating systems (PC, mobile etc.)
- Use a reputable and up-to-date anti-virus/anti-malware product
- Regularly review application permissions, running processes and storage utilization
- Use a separate, complex password for each system, mobile device, social media account, financial account and mail account
- Never use personal accounts on official systems
- Use multi-factor authentication (MFA)/two-factor authentication where possible
- Never share personal details and credentials with unauthorized/suspicious users, websites, applications etc.
- Always type URLs in browsers instead of clicking on links
- Always open websites over https and avoid http websites; note that https only protects the connection in transit and does not prove the site is genuine, so still check the domain name carefully
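The header checks behind "re-verify the sender" can be scripted for a help desk or SOC analyst. The following is an added example, not part of the advisory: it parses a constructed phishing message modelled on the Ministry of Finance lure (the domains gov.example, finance-gov.example and mail-relay.example are placeholders, and the assumed genuine domain is gov.example) and lists the impersonation indicators found in its From, Reply-To, Return-Path and Authentication-Results headers.

```python
"""Triage of a suspicious email's headers for impersonation indicators.

Added example (not from the advisory). The message below is constructed;
the domains gov.example / finance-gov.example / mail-relay.example are
placeholders, and EXPECTED_DOMAIN is an assumption about the real sender.
"""
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample: the display name claims "Ministry of Finance", but the
# address, reply path and bounce address point elsewhere and SPF failed.
SAMPLE_RAW = """\
Return-Path: <bounce@mail-relay.example>
Authentication-Results: mx.gov.example; spf=fail smtp.mailfrom=mail-relay.example; dkim=none
From: "Ministry of Finance" <finance.notice@finance-gov.example>
Reply-To: <collections@mail-relay.example>
To: <officer@gov.example>
Subject: Deduction of 2x Days Salary - Flood Relief Donation
Content-Type: text/plain

Please open the attached memorandum for details.
"""

EXPECTED_DOMAIN = "gov.example"  # assumption: the organisation's genuine mail domain


def domain_of(addr: str) -> str:
    """Return the lower-cased domain part of an email address ('' if none)."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage_headers(raw: str, expected_domain: str = EXPECTED_DOMAIN) -> list[str]:
    """Return a list of impersonation indicators found in the message headers."""
    msg = message_from_string(raw)
    findings = []

    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    _, return_addr = parseaddr(msg.get("Return-Path", ""))
    auth = msg.get("Authentication-Results", "")
    from_dom = domain_of(from_addr)

    # 1. The visible From domain is not the organisation's real domain.
    if from_dom and from_dom != expected_domain:
        findings.append(f"From domain {from_dom!r} is not {expected_domain!r}")

    # 2. Replies are silently redirected to a different domain.
    if reply_addr and domain_of(reply_addr) != from_dom:
        findings.append(f"Reply-To domain {domain_of(reply_addr)!r} differs from From domain")

    # 3. The envelope/bounce sender does not match the visible sender.
    if return_addr and domain_of(return_addr) != from_dom:
        findings.append(f"Return-Path domain {domain_of(return_addr)!r} differs from From domain")

    # 4. The receiving MTA recorded an SPF/DKIM/DMARC failure.
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1).lower() in ("fail", "softfail", "permerror"):
            findings.append(f"{mech.upper()} result is {m.group(1)}")

    # 5. The display name claims an authority the address does not back up.
    if re.search(r"ministry|finance|government", from_name, re.I) and from_dom != expected_domain:
        findings.append(f"Display name {from_name!r} claims authority but address is {from_addr}")

    return findings


if __name__ == "__main__":
    for finding in triage_headers(SAMPLE_RAW):
        print("-", finding)
```

None of these checks is proof on its own (a legitimate bulk mailer can also produce a Return-Path mismatch), but a message that trips several of them, as the sample does, is exactly the case where the secondary-channel call to the purported sender is warranted.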
Anti-masquerading guidelines for Administrators
- Restrict incoming traffic and user permissions to the maximum extent by implementing system hardening at the OS, BIOS/UEFI and application level.
- Block unauthorized USB and storage media via hardening. Also, format USB media before each use to ensure no malware is propagated from one system to another.
- Monitor networks, including file hashes, file locations, logins and unsuccessful login attempts.
- Use reputable anti-virus, firewall, IPS/IDS and SIEM solutions.
- Use separate servers/routing for offline LAN and online networks.
- Allow internet access to specific users on a need basis and restrict data usage/application rights.
- Verify software and documents before downloading by checking their digital code signatures.
- Implement MFA on mail systems, administrator controls and other critical systems.
- Maintain periodic backups of critical data, including offline copies.
- Regularly change passwords at administrator level.
- Regularly patch and update all OS, applications and other technical equipment.
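Two of the administrator items above, monitoring file hashes and monitoring unsuccessful login attempts, are concrete enough to script. The block below is an added example and not part of the advisory: it builds a SHA-256 baseline of critical files and reports what changed, and it scans sshd-style "Failed password" log lines for a burst of failures from one source address. The file contents, log lines, IP addresses, the 5-failures-in-60-seconds threshold and the log year are all constructed assumptions.

```python
"""File-hash baseline and failed-login burst detection.

Added example, not part of the advisory. File contents and log lines are
constructed in memory; the threshold, window and year are assumptions.
"""
import hashlib
import re
from collections import defaultdict
from datetime import datetime

# --- file hash baseline -------------------------------------------------

# Constructed "known good" and "current" snapshots of critical paths.
BASELINE_FILES = {
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "/usr/bin/sudo": b"\x7fELF-placeholder-binary",
}
CURRENT_FILES = {
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\nPasswordAuthentication no\n",
    "/usr/bin/sudo": b"\x7fELF-placeholder-binary",
    "/tmp/.x": b"dropped payload",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(files: dict[str, bytes]) -> dict[str, str]:
    """Map each path to the SHA-256 of its contents (the known-good state)."""
    return {path: sha256_hex(content) for path, content in files.items()}


def diff_baseline(baseline: dict[str, str], current: dict[str, bytes]) -> dict[str, list[str]]:
    """Report files that were modified, added or removed since the baseline."""
    now = build_baseline(current)
    return {
        "modified": sorted(p for p in baseline if p in now and now[p] != baseline[p]),
        "added": sorted(p for p in now if p not in baseline),
        "removed": sorted(p for p in baseline if p not in now),
    }


# --- failed-login burst detection ---------------------------------------

# Constructed sshd lines in rsyslog format; 203.0.113.0/24 and 198.51.100.0/24
# are documentation ranges. Five failures in 20 s from one source, one from another.
SAMPLE_AUTH_LOG = [
    "Mar 15 09:00:01 mx01 sshd[2210]: Failed password for admin from 203.0.113.7 port 51020 ssh2",
    "Mar 15 09:00:04 mx01 sshd[2211]: Failed password for admin from 203.0.113.7 port 51021 ssh2",
    "Mar 15 09:00:09 mx01 sshd[2212]: Failed password for invalid user root from 203.0.113.7 port 51022 ssh2",
    "Mar 15 09:00:15 mx01 sshd[2213]: Failed password for admin from 203.0.113.7 port 51023 ssh2",
    "Mar 15 09:00:21 mx01 sshd[2214]: Failed password for admin from 203.0.113.7 port 51024 ssh2",
    "Mar 15 09:30:00 mx01 sshd[2301]: Failed password for officer from 198.51.100.12 port 40010 ssh2",
    "Mar 15 09:31:00 mx01 sshd[2302]: Accepted password for officer from 198.51.100.12 port 40011 ssh2",
]

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def parse_failed_logins(lines, year=2023):
    """Yield (timestamp, user, source_ip) for each failed-password line.

    Syslog lines carry no year, so one is assumed (2023 here).
    """
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["ip"]


def detect_bursts(lines, threshold=5, window_seconds=60):
    """Return source IPs with >= threshold failures inside any sliding window."""
    by_ip = defaultdict(list)
    for ts, _user, ip in parse_failed_logins(lines):
        by_ip[ip].append(ts)
    flagged = set()
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # Advance the window start until it fits within window_seconds.
            while (stamps[end] - stamps[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(ip)
                break
    return flagged


if __name__ == "__main__":
    print("baseline drift:", diff_baseline(build_baseline(BASELINE_FILES), CURRENT_FILES))
    print("brute-force sources:", sorted(detect_bursts(SAMPLE_AUTH_LOG)))
```

In production the baseline would be stored off-host (a tampered host can rewrite its own baseline), and the burst detector would run over the SIEM's normalised events rather than raw syslog; the sliding-window logic is the same either way.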
Anti-masquerading guidelines for Users
- Always re-verify, via a secondary channel (call, SMS, in person), that a trusted user actually sent an email/attachment before downloading it.
- Report any suspicious activity to the Administrator immediately.
- Never keep critical data on internet-connected systems; store it on standalone systems.
DARK PINK APT
Dark Pink (origin unknown) is a new APT group, operational since mid-2021, targeting Asian governments and military establishments. Analysis of an attack on the Malaysian Armed Forces reveals the use of phishing emails and sophisticated attacks on email networks.
TTPs
Dark Pink uses techniques such as USB infection and DLL exploitation to compromise systems. Its primary means of initial compromise (unauthorized intrusion and access) is phishing email.

