Afghanistan Ministry of Finance
May 29, 2026
•[ spear-phishing, malware, XenoRAT ]
SideCopy, a suspected Pakistan-linked threat group, targeted Afghanistan's Ministry of Finance and provincial revenue and finance directorates with spear-phishing emails containing a malicious ZIP/LNK file in Pashto. When executed, the malware chain installed XenoRAT, enabling long-term remote access, spying on infected computers, and additional malicious activity.
