Post
HIGH

SideCopy Targets Afghanistan Finance Ministry with Xeno RAT via Pashto-Language Spear Phishing

· phishing · malware · vulnerability

Cybersecurity researchers have documented a spear-phishing campaign by SideCopy, a Pakistan-aligned threat group, targeting Afghanistan’s Ministry of Finance. The initial access vector is a ZIP archive containing a malicious LNK file with a Pashto-language filename crafted to appear legitimate to ministry staff. The payload is Xeno RAT, an open-source remote access trojan that provides full remote access to compromised systems. The campaign reflects ongoing regional espionage between South Asian state actors, with financial ministries as high-value intelligence collection targets.