India under attack by rapidly-evolving advanced persistent threat actor SideCopy, says Cisco Talos (Security News, July 2021)
Cisco's Talos security unit says it has detected an increased rate of attacks on targets on the Indian subcontinent and has attributed them to an advanced persistent threat actor it tracks as SideCopy.
SideCopy's infrastructure, Talos opined, "indicates a special interest in victims in Pakistan and India," as the malware only proceeds when it detects that the infected host is in one of those two countries.
The name SideCopy appears to have first been used by security firm Seqrite in a September 2020 analysis of previous attacks on Indian military targets.
Whatever SideCopy's age, Talos claims it has observed "a boost in their development operations".
Talos says SideCopy is slinging its RATs using "many infection techniques - ranging from LNK files to self-extracting RAR EXEs and MSI-based installers" and that the use of multiple tactics "is an indication that the actor is aggressively working to infect their victims".
Talos also suggests that SideCopy has more exploits in store.
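The three delivery vectors Talos names (LNK shortcuts, self-extracting RAR executables and MSI installers) each leave a characteristic process-creation footprint, and that is what a defender would hunt for first. The script below is an added example written for this page, not code from Cisco Talos or from the article; the events are constructed, the field names (`Image`, `ParentImage`, `CommandLine`) are assumed to follow Sysmon Event ID 1 naming, and the rules are generic heuristics for those vectors, not SideCopy indicators of compromise.

```python
"""Heuristic hunt for LNK-, SFX-RAR- and MSI-based delivery in process-creation logs.

Added example; field names assume Sysmon Event ID 1 (ProcessCreate). The events
below are constructed for illustration and are not real telemetry or Talos IOCs.
"""
import re

# Constructed sample events: three that match one vector each, two benign.
SAMPLE_EVENTS = [
    {"id": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'"C:\Windows\System32\mshta.exe" C:\Users\alice\Downloads\Guidelines.pdf.hta'},
    {"id": 2, "ParentImage": r"C:\Users\alice\Downloads\Advisory.exe",
     "Image": r"C:\Users\alice\AppData\Local\Temp\RarSFX0\setup.exe",
     "CommandLine": r'"C:\Users\alice\AppData\Local\Temp\RarSFX0\setup.exe"'},
    {"id": 3, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r"msiexec.exe /i C:\Users\alice\Downloads\Update.msi /qn"},
    {"id": 4, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\alice\Documents\report.docx"'},
    {"id": 5, "ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "CommandLine": r"C:\Windows\system32\msiexec.exe /V"},
]

# Interpreters a malicious shortcut typically points at; Explorer is the parent
# when a user double-clicks the .lnk, so the shortcut itself never appears.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "mshta.exe",
                "wscript.exe", "cscript.exe", "rundll32.exe"}
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(Downloads|Desktop|AppData\\Local\\Temp)\\", re.I)
# WinRAR self-extracting archives unpack into %TEMP%\RarSFX<n>\ before running
# the payload; a binary executing from there is the SFX-RAR footprint.
RARSFX_DIR = re.compile(r"\\AppData\\Local\\Temp\\RarSFX\d+\\", re.I)
# msiexec /i <package> or /package <package>; the package path is group 2.
MSI_INSTALL = re.compile(r"\s/(i|package)\s+(\S+)", re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def lnk_like_launch(ev: dict) -> bool:
    """Explorer spawning a script host that references a user-writable path."""
    return (basename(ev["ParentImage"]) == "explorer.exe"
            and basename(ev["Image"]) in SCRIPT_HOSTS
            and USER_WRITABLE.search(ev["CommandLine"]) is not None)


def sfx_rar_drop(ev: dict) -> bool:
    """Process image running out of a WinRAR SFX extraction directory."""
    return RARSFX_DIR.search(ev["Image"]) is not None


def user_path_msi(ev: dict) -> bool:
    """msiexec installing a package from a user-writable path or a URL."""
    if basename(ev["Image"]) != "msiexec.exe":
        return False
    m = MSI_INSTALL.search(ev["CommandLine"])
    if not m:
        return False
    package = m.group(2).strip('"')
    return (USER_WRITABLE.search(package) is not None
            or package.lower().startswith(("http://", "https://")))


RULES = {
    "lnk_like_launch": lnk_like_launch,
    "sfx_rar_drop": sfx_rar_drop,
    "user_path_msi": user_path_msi,
}


def triage(events: list) -> list:
    """Return (event id, rule name) for every rule that fires on every event."""
    hits = []
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits.append((ev["id"], name))
    return hits


if __name__ == "__main__":
    for event_id, rule_name in triage(SAMPLE_EVENTS):
        print(f"event {event_id}: {rule_name}")
```

These rules trade precision for coverage: Explorer launching `cmd.exe` or `powershell.exe` with a Downloads path, and `msiexec` installing from Downloads, both occur in legitimate use, so they are hunting queries to review rather than blocking signatures. The useful follow-up for a hit is what the child process does next (network connections, file drops, scheduled tasks), since the article notes the malware checks the victim's country before proceeding, so a sandbox outside India or Pakistan may show nothing beyond the initial launch.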