"NewsPenguin Goes Phishing for Maritime & Military Secrets"

Using an advanced malware tool, a novel threat actor dubbed "NewsPenguin" by researchers has been conducting an espionage campaign against Pakistan's military-industrial complex for months. BlackBerry researchers disclosed how this gang organized a phishing attack targeting attendees of the Pakistan International Maritime Expo & Conference (PIMEC). According to a government press release, PIMEC is a Pakistan Navy effort that provides an opportunity for the maritime industry, in both the public and private sectors, to exhibit products and create business contacts. PIMEC attendees include nation-states, militaries, military manufacturers, and more. Together with NewsPenguin's use of a custom phishing bait and other contextual features of the attack, this information led the researchers to conclude that the threat actor is actively targeting government entities. NewsPenguin entices its victims with spear-phishing emails containing a Word attachment that appears to be an "Exhibitor Manual" for the PIMEC conference. The payload at the end of the attack flow is an executable with no distinguishable name, referred to as "updates.exe." This never-before-seen espionage tool is significant for the lengths it goes to in order to avoid discovery and analysis. For example, to avoid being noticed in a target network environment, the malware runs slowly, taking five minutes between each command. This article continues to discuss findings regarding the NewsPenguin espionage campaign.

Dark Reading reports "NewsPenguin Goes Phishing for Maritime & Military Secrets"
