Pakistan Based APT Targets Multiple Countries During May
Target: High profile individuals in Asian countries as well as Western nations indirectly.
Attack Vector: Watering-hole attack to download Stealth Mango malware.
Threat Actor: Pakistani state-sponsored threat actors, belonging to the Army.
Summary: As more and more countries increase their cyber capability and arm themselves with cyber weapons, new nations are observed joining the main players on the international stage. One of these nations, Pakistan, has been observed involved in various hacktivist-based attacks over recent months. It appears to have launched a state-sponsored cyber espionage campaign targeting multiple countries in Asia and is believed to have collected data from Western nations such as the US, Australia, and Britain.
The campaign utilises malware known as Stealth Mango and Tangelo, used on Android and iOS devices respectively; each has the potential to compromise a target phone. The threat actors appear to belong to the Pakistan Army and have targeted individuals in communication with senior officials in the aforementioned nations in order to collect sensitive data. In addition, the group may be related to Op C Major and Transparent Tribe, which are also active cyber threat actors operating in, or in relation to, Pakistan.
Risk assessment summary: This threat is assessed as 3d MODERATE. Although the operation has been running for only a short period of time, a large amount of data has been collected. This displays the capability of Pakistan’s state-sponsored cyber espionage teams, with over 15 GB worth of data stolen, including sensitive documents. In addition, Pakistan’s placing in the world and its potential allies in a global conflict, alongside its cyber capability, is a concerning combination of factors for the West. However, exposure is limited, as the Android application appears to be a third-party program, which can be mitigated against. The iOS app appears to be a danger only to jailbroken iPhones, further limiting the vulnerability.