A sophisticated cyber espionage operation targeted public safety organizations in Pakistan, specifically the Punjab Safe Cities Authority. The attackers conducted a spear-phishing campaign, impersonating internal communications related to legitimate projects to trick staff into opening malicious documents. They utilized VS Code Remote Tunnels to gain access to local workstations, bypassing standard security measures.
The attack involved altering device authorization mechanics and utilizing Discord webhooks for data exfiltration. A secondary infection vector was introduced through a PDF attachment, employing ClickOnce technology to deliver additional malware. This incident highlights the risks associated with trusted developer utilities and emphasizes the need for enhanced security measures to prevent such advanced threats.