MEDIUM
Pakistan-Linked SideCopy Deploys Xeno RAT Against Afghanistan Finance Ministry
The Pakistan-aligned SideCopy APT group targeted Afghanistan’s Ministry of Finance with a spear-phishing campaign delivering Xeno RAT, an open-source remote access trojan. The initial lure is a ZIP archive containing a malicious LNK file with a Pashto-language filename designed to appear legitimate to the target.
SideCopy has historically focused on Indian and Afghan government targets. The use of an open-source RAT lowers attribution friction and reduces tooling costs. Organizations supporting Afghan government financial operations should review email filtering rules for ZIP/LNK delivery chains.