Operation Shaheen: New APT White Company hits Pakistani military with a long-term cyberespionage campaign

• The campaign is the work of a previously unknown APT group called The White Company.
• Experts believe The White Company is likely a state-sponsored group and has access to zero-day exploits.

The Pakistani military has fallen victim to a year-long cyberespionage campaign that experts believe is still ongoing. The campaign, dubbed Operation Shaheen, is believed to be the work of a previously unknown APT group called The White Company. Experts believe The White Company is likely a state-sponsored group and has access to zero-day exploits.

According to security researchers at Cylance, who tracked Operation Shaheen, White Company targeted officers in the Pakistani Air Force with a phishing attack that distributed remote access trojans (RATs) and other malware payloads.

What is more, researchers said that they found no errors committed by the group that may have revealed its members’ true identity. This indicates that the threat group is highly sophisticated and careful to ensure that it leaves to traces of its identity.

“We have observed The White Company evolve, modify, and refine both its exploits and its malware. They craft advanced tools that are mission-specific and tailored to esoteric target environments,” Cylance researchers said in a report. “We’ve witnessed The White Company go to unusual lengths to ensure stealth. In this campaign, we watched them turn eight different antivirus products against their owners.”

It is still unclear whether the targets fell for the phishing lures and whether The White Company was capable of successfully infiltrating systems and exfiltrating sensitive data.

“We call this threat actor The White Company in acknowledgment of the many elaborate measures they take to whitewash all signs of their activity and evade attribution,” Cylance researchers added. “Perhaps the most significant of contradictions exposed by Cylance’s research is that the threat of state-sponsored cyber espionage has already arrived on Pakistan’s doorstep — a reality which appears to have just dawned on the Pakistanis themselves, at least in public discourse.”