SideCopy XenoRAT Malware Attack Targets Afghan Networks
ID: 84dba5f5-18ad-51f9-b661-e0bbbaa40ca0
STIX ID: report--84dba5f5-18ad-51f9-b661-e0bbbaa40ca0
Feed Name: securityonline.info
Operation XENOFISCAL describes a targeted cyber-espionage campaign by the SideCopy/Transparent Tribe cluster. The operators used Pashto-labeled spear-phishing shortcuts to launch fileless XenoRAT via mshta, reconstruct a .NET payload in memory, and establish persistent backdoor access to government workstations, with command-and-control observed at 185.235.137.106. The campaign specifically targeted the Afghan Ministry of Finance and delivered realistic decoy documents to mask the compromise.
