{"id":219335,"date":"2026-03-03T01:53:00","date_gmt":"2026-03-03T06:53:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/03\/sloppylemming-targets-pakistan-and-bangladesh-governments-using-dual-malware-chains\/"},"modified":"2026-03-03T06:10:11","modified_gmt":"2026-03-03T11:10:11","slug":"sloppylemming-targets-pakistan-and-bangladesh-governments-using-dual-malware-chains","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/03\/sloppylemming-targets-pakistan-and-bangladesh-governments-using-dual-malware-chains\/","title":{"rendered":"SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/sloppylemming-targets-pakistan-and.html\">SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/sloppylemming-targets-pakistan-and.html\">https:\/\/thehackernews.com\/2026\/03\/sloppylemming-targets-pakistan-and.html<\/a><\/p>\n<p>Publish Date: 2026-03-03 01:53:00<\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\"><span class=\"author\">Ravie Lakshmanan<\/span> <span class=\"author\">Mar 03, 2026<\/span><\/span><span class=\"p-tags\">Malware \/ Phishing<\/span><\/p>\n<p>The threat activity cluster known as <strong>SloppyLemming<\/strong> has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh.<\/p>\n<p>The activity, per Arctic Wolf, took place between January 2025 and January 2026. 
It involves the use of two distinct attack chains to deliver malware families tracked as BurrowShell and a Rust-based keylogger.<\/p>\n<p>&#8220;The use of the Rust programming language represents a notable evolution in SloppyLemming\u2019s tooling, as prior reporting documented the actor using only traditional compiled languages and borrowed adversary simulation frameworks such as Cobalt Strike, Havoc, and the custom NekroWire RAT,&#8221; the cybersecurity company said in a report shared with The Hacker News.<\/p>\n<p>SloppyLemming is the moniker assigned to a threat actor that&#8217;s known to target government, law enforcement, energy, telecommunications, and technology entities in Pakistan, Sri Lanka, Bangladesh, and China since at least 2022. It&#8217;s also tracked under the names Outrider Tiger and Fishing Elephant.<\/p>\n<p>Prior campaigns mounted by the hacking crew have leveraged malware families like Ares RAT and WarHawk, which are often attributed to SideCopy and SideWinder, respectively.<\/p>\n<p>Arctic Wolf&#8217;s analysis of the latest attacks has uncovered the use of spear-phishing emails to deliver PDF lures and macro-enabled Excel documents to kick-start the infection chains. It described the threat actor as operating with moderate capability.<\/p>\n<p>The PDF decoys contain URLs designed to lead victims to ClickOnce application manifests, which then deploy a legitimate Microsoft .NET runtime executable (&#8220;NGenTask.exe&#8221;) and a malicious loader (&#8220;mscorsvc.dll&#8221;). 
The loader is launched using DLL side-loading to decrypt and execute a custom x64 shellcode implant codenamed BurrowShell.<\/p>\n<p><img decoding=\"async\" alt=\"\" border=\"0\" data-original-height=\"838\" data-original-width=\"1100\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgeq4cwLBikVYZEj_gf4XGjVBbupl9ZJyi9taYEVKK6_aNgmmijgLubzWLlBcp5FHEiT28LSFbfvpT_mQkFCe1jBObAaAsY_Rpk01opnO4kOms5jWN2NwTo9swrcHrR9kixk5G4Dxa1GN5Nrc_9DOTQ7Wphbo1o8yf1LkcmCQuhAzD4LhxXz6WI8l4SwXgT\/s1600\/PDF.png\"\/><\/p>\n<p>&#8220;BurrowShell is a full-featured backdoor providing the threat actor with file system manipulation, screenshot&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/sloppylemming-targets-pakistan-and.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>SloppyLemming Targets Pakistan and Bangladesh Governments Using Dual Malware Chains https:\/\/thehackernews.com\/2026\/03\/sloppylemming-targets-pakistan-and.html Publish Date: 2026-03-03 
01:53:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":219336,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgfEU4zf_Kk2z8HBMdkRrw-hKeM6LmC7tBBt_P7K_2rGOfnc15ew5Y9fg4NeeCAMUNfRvcEhbLohCz6-oeONrOsfTnLDk7nEETbgewwLvjyqxprh26CYIpvGexZOvWADe0EutygQFHoGeMCa1sSNRQt-iA5meuqodGe7MK2Lpepa9CUu4PkxeszGIf_pDUH\/s1600\/malware-attack.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,35,32,25,34],"class_list":["post-219335","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-hacker","tag-malware","tag-phishing","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219335"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=219335"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219335\/revisions"}],"predecessor-version":[{"id":219337,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/219335\/revisions\/219337"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/219336"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=219335"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=219335"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/
wp-json\/wp\/v2\/tags?post=219335"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}