India under attack by rapidly-evolving advanced persistent threat actor SideCopy, says Cisco Talos
Security News, July 2021
Cisco's Talos security unit says it has detected an increased rate of attacks on targets in the Indian subcontinent and attributes them to an advanced persistent threat actor it tracks as SideCopy.
SideCopy's infrastructure, Talos wrote, "indicates a special interest in victims in Pakistan and India": the malware only proceeds with its actions if it finds itself on an infected machine in one of those two countries.
The name SideCopy appears to have first been used by security firm Seqrite in a September 2020 analysis of previous attacks on Indian military targets.
Whatever SideCopy's age, Talos claims it has observed "a boost in their development operations".
Talos says SideCopy is delivering its RATs using "many infection techniques - ranging from LNK files to self-extracting RAR EXEs and MSI-based installers", and that the use of multiple tactics "is an indication that the actor is aggressively working to infect their victims".
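The three delivery formats named above can be told apart by their on-disk signatures, which is a useful first pass when triaging a batch of collected attachments. The script below is an added example written for this page, not tooling from Talos and not derived from any SideCopy sample: it labels a blob as an LNK shortcut, an OLE compound file (the container MSI uses), a self-extracting RAR executable, a plain PE, or unknown. The sample bytes are constructed and contain no real payloads.

```python
# Added example (not Talos's or SideCopy's code): magic-byte triage for the
# three delivery formats the write-up names - LNK shortcuts, self-extracting
# RAR executables and MSI installers. All sample bytes below are constructed.

# Shell-link header: HeaderSize 0x4C followed by the ShellLink CLSID
# {00021401-0000-0000-C000-000000000046} in its on-disk little-endian layout.
LNK_MAGIC = b"\x4c\x00\x00\x00"
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# RAR archive signatures; RAR4 and RAR5 share the same 7-byte prefix.
RAR_PREFIX = b"Rar!\x1a\x07"
RAR4_SIG = RAR_PREFIX + b"\x00"
RAR5_SIG = RAR_PREFIX + b"\x01\x00"
# MSI packages are OLE compound files (legacy Office documents use it too,
# so this label alone does not prove the file is an installer).
OLE_SIG = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MZ = b"MZ"


def classify(data: bytes) -> str:
    """Return a coarse type label for a blob of file bytes."""
    if data.startswith(LNK_MAGIC) and data[4:20] == LNK_CLSID:
        return "lnk"
    if data.startswith(OLE_SIG):
        return "ole_compound"
    if data.startswith(MZ):
        # A self-extracting RAR is a PE stub with the archive appended after
        # the image, so the archive signature sits somewhere past the DOS
        # header. A PE that merely embeds the string would match as well;
        # this is triage, not proof.
        pos = data.find(RAR_PREFIX, len(MZ))
        if pos != -1 and (data.startswith(RAR4_SIG, pos)
                          or data.startswith(RAR5_SIG, pos)):
            return "sfx_rar_exe"
        return "pe"
    return "unknown"


def triage(samples: dict) -> dict:
    """Classify every sample and return {name: label}."""
    return {name: classify(blob) for name, blob in samples.items()}


# Constructed samples: minimal headers only, no real malware.
SAMPLES = {
    "report.lnk": LNK_MAGIC + LNK_CLSID + b"\x00" * 60,
    "invoice.exe": MZ + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 120
                   + RAR5_SIG + b"\x00" * 32,
    "setup.msi": OLE_SIG + b"\x00" * 120,
    "plain.exe": MZ + b"\x00" * 120,
    "notes.txt": b"just text",
}

if __name__ == "__main__":
    for name, label in triage(SAMPLES).items():
        print(f"{name}: {label}")
```

Windows decides how to open a shortcut or an installer by extension, not by content, so this check is for sorting samples an analyst has already collected (mail attachments, quarantine exports), not a host-side block. A file whose extension and magic disagree is itself worth a closer look.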
Talos also suggests that SideCopy has more exploits in store.