SloppyLemming Dual‑Chain Attack Targets Pakistan and Bangladesh Government Networks
The threat group identified as SloppyLemming conducted a coordinated campaign against ministries, law‑enforcement agencies, and critical infrastructure operators in Pakistan and Bangladesh. Their methodology chained two distinct payloads: a BurrowShell implant that established long‑term persistence on compromised hosts, followed by a custom‑written Rust keylogger designed to harvest credentials and session tokens. The operation unfolded over more than a year, leveraging legitimate administrative tools to move laterally and maintain a low profile.
The intrusions gave the attackers durable footholds across several sectors, enabling credential theft, potential exfiltration of sensitive data, and pivoting into other high‑value systems. Defenders should prioritize detecting the BurrowShell persistence mechanism and the Rust keylogger that follows it, monitor for unusual binary execution (including legitimate administrative tools launched by unexpected parent processes or aimed at remote hosts), enforce strict credential hygiene and invalidate any credentials or session tokens that may have been harvested from compromised hosts, and segment critical networks to limit lateral movement. Catching the first stage of this two‑stage chain early limits the credential harvesting and pivoting that depend on it.
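The recommendation to monitor unusual binary execution and the abuse of legitimate administrative tools can be turned into a concrete baseline check over process‑creation telemetry. The following is an added example, not code from the original article or from any report on SloppyLemming; the event records, trusted directories, tool list and parent list are constructed for illustration and are not indicators from this campaign.

```python
"""Baseline detector for unusual binary execution over process-creation events.

Added example, not code from the original article. Every record, path list and
tool list below is constructed for illustration; none is a SloppyLemming indicator.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Constructed: directories from which ordinary binaries are expected to run on a
# managed Windows host. An image anywhere else is treated as "unusual".
TRUSTED_IMAGE_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Constructed: dual-use administrative tools often reused for lateral movement.
# Running them is legitimate in itself; the signal is the parent and the target.
ADMIN_TOOLS = {"psexec.exe", "psexec64.exe", "wmic.exe", "schtasks.exe", "sc.exe", "winrs.exe"}

# Constructed: parents that should not normally spawn administrative tooling.
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "mshta.exe", "wscript.exe"}

# Command-line fragments that point an admin tool at a remote host:
# UNC path (\\host), wmic /node:, schtasks /s host, winrs -r:host.
REMOTE_TARGET = re.compile(r"(\\\\[\w.-]+|/node:|/s\s+\S+|-r:)", re.IGNORECASE)


@dataclass
class ProcessEvent:
    host: str
    user: str
    image: str          # full path of the created process
    parent_image: str   # full path of the parent process
    command_line: str


@dataclass
class Finding:
    host: str
    rule: str
    detail: str


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def _in_trusted_dir(path: str) -> bool:
    return path.lower().startswith(TRUSTED_IMAGE_DIRS)


def evaluate(event: ProcessEvent) -> List[Finding]:
    """Apply the three heuristics to a single process-creation event."""
    findings: List[Finding] = []
    image = _basename(event.image)
    parent = _basename(event.parent_image)
    if not _in_trusted_dir(event.image):
        findings.append(Finding(event.host, "untrusted-image-path", f"{image} ran from {event.image}"))
    if image in ADMIN_TOOLS:
        if parent in SUSPICIOUS_PARENTS:
            findings.append(Finding(event.host, "admin-tool-odd-parent", f"{image} spawned by {parent}"))
        if REMOTE_TARGET.search(event.command_line):
            findings.append(Finding(event.host, "admin-tool-remote-target", event.command_line))
    return findings


def scan(events: Iterable[ProcessEvent]) -> List[Finding]:
    return [f for e in events for f in evaluate(e)]


# Constructed sample telemetry (not real data): one benign and three suspicious events.
SAMPLE_EVENTS = [
    # Benign: an administrator queries scheduled tasks locally from System32.
    ProcessEvent("ws01", "CORP\\itadmin", "C:\\Windows\\System32\\schtasks.exe",
                 "C:\\Windows\\System32\\cmd.exe", "schtasks /query"),
    # Unusual path: an executable launched from a user's Temp directory.
    ProcessEvent("ws02", "CORP\\clerk", "C:\\Users\\clerk\\AppData\\Local\\Temp\\update.exe",
                 "C:\\Windows\\explorer.exe", "update.exe"),
    # Dual-use tool spawned by an Office process and aimed at a remote host.
    ProcessEvent("ws03", "CORP\\analyst", "C:\\Windows\\System32\\wmic.exe",
                 "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
                 'wmic /node:"srv-fs01" process call create "cmd.exe /c whoami"'),
    # Dual-use tool from a normal parent, but creating a task on another machine.
    ProcessEvent("dc01", "CORP\\svc-backup", "C:\\Windows\\System32\\schtasks.exe",
                 "C:\\Windows\\System32\\cmd.exe",
                 "schtasks /create /s fileserver02 /tn sync /tr c:\\tools\\sync.exe /sc minute"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"[{finding.host}] {finding.rule}: {finding.detail}")
```

On the constructed input the benign event produces nothing, the Temp‑directory launch trips the path rule, and the two administrative‑tool events trip the parent and remote‑target rules. In production the trusted‑directory and tool lists would be derived from a per‑environment baseline rather than hard‑coded, and findings would be enriched with the user and host before alerting.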
Categories: Threat Intelligence, Malware & Ransomware