The Infostealer to Government-Backed Hackers Pipeline

The Infostealer-to-APT Pipeline – Hudson Rock Infographic

THE INFOSTEALER TO APT PIPELINE

How stolen diplomatic credentials fuel cyber-political power plays.

The Dangerous Escalation

Opportunistic Infection: Random malware download
Diplomat Compromised: Valid MOFA credentials stolen
APT Espionage: State-sponsored attacks

Global Diplomatic Exposure

Hudson Rock detected infections exposing Ministry of Foreign Affairs (MOFA) credentials across critical geopolitical regions.

Saudi Arabia: mofa.gov.sa
South Korea: mail.mofa.go.kr
UAE: mofa.gov.ae
Qatar: mofa.gov.qa

Case Study: Dream Security Group

Attackers leveraged a compromised Omani Ministry of Foreign Affairs (MFA) email to launch a spear-phishing campaign against 195 global targets, including the UN and World Bank.

THE ATTACK VECTOR (CRITICAL)

Source: ******@fm.gov.om (Paris Embassy)

Payload: “sysProcUpdate” Malware

“Authentic credentials make phishing lures highly convincing.”

Case Study: Bitter APT

During the ‘Operation Sindoor’ conflict, Bitter APT used credentials stolen from Islamabad Police to compromise Pakistan’s critical infrastructure.

Target: Pakistan Telecom (PTCL)
Method: Phishing via stolen CTD email

Deep Dive: Oman’s Embassies

Specific infections reveal the depth of the issue. Hundreds of credentials were stolen from official embassy computers operating abroad.

Embassy in Ankara, Turkey: ankara@mofa.gov.om
Embassy in Brasilia, Brazil: emb-brasilia@mofa.gov.om

Disrupt the Pipeline

Hudson Rock’s Cavalier detects compromised credentials in real time, allowing governments to identify breaches before APTs exploit them.

Powered by Hudson Rock Intelligence
