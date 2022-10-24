Once again, Pakistani websites are the targets of cyberattacks from SideWinder - a hacker collective also known as APT-C-17 or Rattlesnake - believed to be supported by the Indian government.

The latest victim was the NEPRA website, which was attacked using the WarHawk malware.

Security professionals from Zscaler ThreatLabz were the first to notice the attack. Here is what they had to say about WarHawk, which was made especially with Pakistan in mind.

“The newly discovered WarHawk backdoor contains various malicious modules that deliver Cobalt Strike, incorporating new TTPs such as KernelCallBackTable injection and Pakistan Standard Time zone check in order to ensure a victorious campaign.”

Older Kaspersky investigations, however, have shown that the material that supported the attribution has subsequently vanished, making it difficult to connect the hackers to India.

But it’s also true that Indian hackers have repeatedly attacked Pakistani websites over the previous years, so it shouldn’t be shocking.

This attack was used to target several major Pakistani government entities such as SNGPL, NADRA, FIA, Customs, National Health Desk, and the Ministry of Foreign Affairs.