A novel threat actor that researchers have dubbed “NewsPenguin” has been conducting an espionage campaign against Pakistan’s military-industrial complex for months, using an advanced malware tool.
In a blog post on Feb. 9, researchers from BlackBerry revealed how this group carefully planned out a phishing campaign targeting visitors to the upcoming Pakistan International Maritime Expo & Conference (PIMEC).
PIMEC will take place over the course of this coming weekend. It is a Pakistan navy initiative that, according to a government press release, “will provide opportunities to maritime industry both in public and private sectors to display products and develop business relationships. The event will also highlight Pakistan’s Maritime potential and provide the desired fillip for economic growth at national level.”
Attendees at PIMEC include nation-states, militaries, and military manufacturers, among others. That fact, combined with NewsPenguin’s use of a bespoke phishing lure and other contextual details of the attack, led the researchers to conclude “that the threat actor is actively targeting government organizations.”
How NewsPenguin Goes Phishing for Data
NewsPenguin attracts its victims using spear-phishing emails with an attached Word document, purporting to be an “Exhibitor Manual” for the PIMEC conference.
Though the file name was quite a red flag — “Important Document.doc” — its contents appear to be ripped straight from the actual event’s materials, featuring government seals and the same aesthetic as other media published by the organizers.
The document first opens in a protected view. The victim must then click “enable content” to read