
SideCopy Hackers Target Indian Government Officials With New Malware
2021-07-11 21:39

A cyber-espionage group has been observed increasingly targeting Indian government personnel as part of a broad campaign to infect victims with as many as four new custom remote access trojans, signaling a "Boost in their development operations."

First documented in September 2020 by Indian cybersecurity firm Quick Heal, SideCopy has a history of mimicking infection chains implemented by the Sidewinder APT to deliver its own set of malware - in an attempt to mislead attribution and evade detection - while constantly retooling its payloads to include additional exploits in its weaponry after reconnaissance of the victim's data and environment.

The adversary is also believed to be of Pakistani origin, with suspected ties to the Transparent Tribe group, which has been linked to several attacks targeting the Indian military and government entities.

Past campaigns undertaken by the threat actor involve using government and military-related lures to single out Indian defense units and armed forces personnel and deliver malware capable of accessing files, clipboard data, terminating processes, and even executing arbitrary commands.

The latest wave of attacks leverages a multitude of TTPs, including malicious LNK files and decoy documents, to deliver a combination of bespoke and commercially available commodity RATs such as CetaRAT, DetaRAT, ReverseRAT, MargulasRAT, njRAT, Allakore, ActionRAT, Lillith, and Epicenter RAT. Apart from military themes, SideCopy has also been found employing calls for proposals and job openings related to think tanks in India to target potential victims.

"The development of new RAT malware is an indication that this group of attackers is rapidly evolving its malware arsenal and post-infection tools since 2019," Malhotra and Thattil noted.
News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/4lU_0vXVGNw/sidecopy-hackers-target-indian.html