A Pakistani advanced persistent threat (APT) group has been conducting espionage against the Afghan Ministry of Finance using malware known as Xeno RAT. The operation involves a series of phishing attacks that use malicious emails to target Afghan governmental systems, exploiting the country's substantial digital infrastructure inherited after the Taliban takeover.
The attackers employed common tactics such as spear-phishing and malware disguised as official documents, showcasing a deliberate approach to evasion and persistence. The Afghan government's cyber resilience is hampered by limited resources and limited international partnerships, making it vulnerable to such efforts from neighboring countries.