BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

SideCopy Targets Afghan Finance With Xeno RAT

SideCopy and Transparent Tribe target Afghan finance and Indian military with tailored malware.

  • The Pakistan-aligned SideCopy group deployed a sophisticated spear-phishing campaign codenamed Operation XENOFISCAL against Afghanistan’s Ministry of Finance.
  • The attackers used a malicious ZIP archive containing a Pashto-language LNK file to deliver the open-source remote access trojan Xeno RAT, establishing persistent control.
  • In a related campaign, the broader Transparent Tribe (APT36) umbrella targeted Indian military infrastructure using weaponized Linux .desktop files and a Golang-based implant called DeskRAT.

In early June 2026, cybersecurity researchers uncovered a targeted cyber espionage campaign by the Pakistan-aligned SideCopy group, which successfully compromised Afghanistan’s Ministry of Finance using a sophisticated remote access trojan. The attack, detailed by Seqrite Labs researcher Dixit Panchal, deployed a persistent version of the open-source Xeno RAT malware against Afghan government officials.

- Advertisement -

“The campaign opens with a spear phishing delivery – a ZIP archive containing a malicious LNK file bearing a carefully crafted Pashto-language filename,” Panchal said in a technical breakdown. This deliberate linguistic choice reflected the attackers’ deep familiarity with their target environment within Afghan government circles.

Consequently, the malicious Windows Shortcut file fetched a remote HTML Application from a compromised education domain to execute obfuscated JavaScript. The malware then established persistence by mimicking Microsoft Edge in the Registry before dropping the final Xeno RAT payload alongside a decoy document.

The remote access trojan is equipped with extensive capabilities, including executing commands, logging keystrokes, taking screenshots, and performing network tunneling. Meanwhile, a separate but related phishing operation leveraging weaponized Linux .desktop files targeted Indian military infrastructure, according to security researcher R.D. Tarun.

This broader campaign, assessed to be the work of Transparent Tribe, used contract-related lures associated with Indian-armored vehicle procurement. “The campaign appears to target individuals connected to Indian military and defense infrastructure ecosystems using WhatsApp-based social engineering,” Tarun noted in a recent report.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

AI freelancers could drive $262B in stablecoin payments by 2033

Swyftx projects that $262 billion of the AI-native gig economy's payment volume could be...

LINE NEXT launches global stablecoin platform Unifi

LINE NEXT has launched Unifi, a non-custodial stablecoin platform, now available globally as it...

Saylor’s ‘Orange Dots’ Signal Fails to Clarify Bitcoin Strategy

Strategy founder Michael Saylor posted a cryptic signal on Sunday, prompting analysts to call...

Crypto’s $2T Crash Awaits BlackRock Shock & FOMO

Bitcoin has stabilized near $60,000 after a downturn erased $2 trillion from the crypto...

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Must Read

Buy Domain With Bitcoin: Top 8 Domain Registrars That Accept Bitcoin And Crypto

You are here because you want to buy a domain with bitcoin, right? If you are looking for domain registrars that accept bitcoin or...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading