Pakistan-Linked SideCopy Targets Afghanistan Finance Ministry with Xeno RAT

Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan's Ministry of Finance with an open-source remote access trojan called Xeno RAT. "The campaign opens with a spear phishing delivery - a ZIP archive containing a malicious LNK file bearing a carefully crafted Pashto-language filename,"

The article describes a Pakistan-aligned threat group, SideCopy, conducting a targeted spear-phishing campaign against Afghanistan's Ministry of Finance using a ZIP-delivered LNK file that deploys the open-source Xeno RAT remote access trojan. This is a classic nation-state-style espionage and intrusion operation, not specifically an AI-driven attack. From a CyberSE.AI perspective, such campaigns illustrate how government and finance-sector environments are high-value targets for persistent, adaptive attackers who will inevitably pivot to abusing AI-powered agents and workflows as they are deployed into these environments. Organizations should proactively conduct Continuous AI Red Teaming to test how their current and planned AI agents could be exploited via similar phishing, payload delivery, and remote-control patterns, ensuring robust input validation, privilege boundaries, and monitoring around any AI-assisted decision-making in critical ministries or financial operations.