A Government of Pakistan’s website has found to be compromised by Trustwave’s SpiderLabs Research team.
The website tracking.dgip.gov.pk is a sub-domain of Directorate General of Immigration & Passport of the Pakistani government.
Reportedly, the site which is used as a tracking platform for passport applicants was compromised in order to deliver a ScanBox framework payload.
The ScanBox framework is a self-contained JavaScript-based keylogger designed to record users’ keystrokes while they’re browsing a website.
Trustwave researchers noted that Scanbox also attempts to identify if the visitor has any of the 77 products (including security software, virtualization, and decompression tools) installed on the device, according to HackRead.
Trustwave’s SpiderLabs Research team that discovered this breach added:
It was then seen again in 2017 suspected to be used by the Stone Panda APT group, and once more in 2018 in connection with LuckyMouse. With every appearance, it seems to have evolved in terms of the kinds of information it gathers.
The Platform Also tried to detect whether the visitor has any of a list of 77 endpoint products installed, most of these are security products, with a few decompression and virtualization tools.
This is the same kind of attack that last week Bangladeshi Embassy in Cairo suffered.
It is unclear who is behind this attack as of yet. However, this is surely not the first time when Pakistan’s IT infrastructure was compromised.
Last year, the country was hit with waves of ATM frauds and scams and a lot of money was stolen from many individuals. Even their information was sold on the dark web.
Stay tuned to Brandsynario for more news and updates.
Social Media’s Worst Outage: Sources Reveal Possible Reasons Behind Blackout