Signal

SideCopy group targets Afghanistan's Ministry of Finance with Xeno RAT in spear-phishing campaign

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-06-02 09:05 UTCUpdated 2026-06-02 21:54 UTC

rss

cveexploitsthreat_actorsincident_response

Trend in the last 24h

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (2)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (2 domains)

2 top sources shown

SideCopy group targets Afghanistan's Ministry of Finance with Xeno RAT

SC Media · News · scworld.com · 2026-06-02 21:54 UTC

Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT

thehackernews · News · thehackernews.com · 2026-06-02 09:05 UTC

limited source diversity in top sources

View all evidence

Overview

The Pakistan-linked SideCopy threat group has launched a spear-phishing campaign targeting Afghanistan's Ministry of Finance. The attack begins with a ZIP archive containing a malicious LNK file named in Pashto to exploit language familiarity within the Afghan government.

Score total

0.97

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

Recent disclosure of the campaign reveals active targeting of Afghan Ministry of Finance.
Attack leverages Pashto language to exploit local familiarity, increasing risk.
Timely awareness can help government and security teams enhance defenses.

Why it matters

Highlights ongoing cyber espionage targeting Afghan government institutions.
Demonstrates use of language-specific social engineering to increase attack success.
Use of open-source Xeno RAT shows evolving threat actor toolkits.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: medium

Recurring claims

SideCopy group targets Afghanistan's Ministry of Finance with Xeno RAT via spear-phishing ZIP archive containing malicious Pashto-named LNK file

How sources frame it

Cybersecurity Researchers: neutral

All evidence

SideCopy group targets Afghanistan's Ministry of Finance with Xeno RAT

SC Media · scworld.com · 2026-06-02 21:54 UTC

Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT

thehackernews · thehackernews.com · 2026-06-02 09:05 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 2Origin domains: 2Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 2 / 0

Top publishers (this list)

SC Media (1)
thehackernews (1)

Top origin domains (this list)

scworld.com (1)
thehackernews.com (1)