A new cyber espionage campaign targeting Afghanistan’s government has been discovered, involving social engineering and the use of fake official documents. The threat group, Nomad Leopard, demonstrates operational errors and low-to-moderate sophistication but still poses regional risks.
Key points
- The campaign targets Afghan government employees using phishing emails with official-looking documents.
- The malicious payload is delivered through ISO files containing disguised executable files.
- Nomad Leopard hosts its malware on GitHub, blending malicious activity with normal traffic.
- The group’s reuse of online personas indicates operational security mistakes and low sophistication.
- Despite its limitations, the group could pose a regional threat and may target other countries.