Security News > 2021 > July > SideCopy Hackers Target Indian Government Officials With New Malware
A cyber-espionage group has been observed increasingly targeting Indian government personnel as part of a broad campaign to infect victims with as many as four new custom remote access trojans, signaling a "Boost in their development operations."
First documented in September 2020 by Indian cybersecurity firm Quick Heal, SideCopy has a history of mimicking infections chains implemented by the Sidewinder APT to deliver its own set of malware - in an attempt to mislead attribution and evade detection - while constantly retooling payloads that includes additional exploits in its weaponry after a reconnaissance of the victim's data and environment.
The adversary is also believed to be of Pakistani origin, with suspected ties to the Transparent Tribe group, which has been linked to several attacks targeting the Indian military and government entities.
Past campaigns undertaken by the threat actor involve using government and military-related lures to single out Indian defense units and armed forces personnel and deliver malware capable of accessing files, clipboard data, terminating processes, and even executing arbitrary commands.
The latest wave of attacks leverages a multitude of TTPs, including malicious LNK files and decoy documents, to deliver a combination of bespoke and commercially available commodity RATs such as CetaRAT, DetaRAT, ReverseRAT, MargulasRAT, njRAT, Allakore, ActionRAT, Lillith, and Epicenter RAT. Apart from military themes, SideCopy has also been found employing calls for proposals and job openings related to think tanks in India to target potential victims.
"The development of new RAT malware is an indication that this group of attackers is rapidly evolving its malware arsenal and post-infection tools since 2019," Malhotra and Thattil noted.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/4lU_0vXVGNw/sidecopy-hackers-target-indian.html
Related news
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Chinese hackers target Linux with new WolfsBane malware (source)