Severity
High
Analysis Summary
Threat actor Confucius has been active most recently and is targeting Pakistan with malicious files in which newly elected US President Joe Biden is seen discussing the nuclear weapons issues. Confucius’ campaigns were reportedly active as early as 2013, abusing Yahoo! And Quora forums as part of their command-and-control (C&C) communications. Their operations include include deploying bespoke backdoors and stealing files from their victim’s systems with tailored file stealers.
Impact
- Information theft
- Exposure of sensitive data
Indicators of Compromise
Filename
- Biden’s attitude on dealing with nuclear weapons
MD5
- b56c98106376f4704d5c45ba8c427c1b
SHA-256
- 59cd62ad204e536b178db3e2ea10b36c782be4aa4849c10eef8484433a524297
SHA1
- b205b08b47ce6bd15a20fd91a5936fa7dd8804dc
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.