Researchers Warn of ReverseRAT Backdoor Targeting Indian Government Agencies
2023-02-21 05:55

A spear-phishing campaign targeting Indian government entities aims to deploy an updated version of a backdoor called ReverseRAT. Cybersecurity firm ThreatMon attributed the activity to a threat actor tracked as SideCopy.

SideCopy is a threat group of Pakistani origin that shares overlaps with another actor called Transparent Tribe.

The adversarial crew was first observed delivering ReverseRAT in 2021, when Lumen's Black Lotus Labs detailed a set of attacks targeting victims aligned with the government and power utility verticals in India and Afghanistan.

Recent attack campaigns associated with SideCopy have primarily set their sights on a two-factor authentication solution known as Kavach that's used by Indian government officials.

Once the file is opened and macros are enabled, it triggers the execution of malicious code that leads to the deployment of ReverseRAT on the compromised system.

"It waits for commands to execute on the target machine, and some of its functions include taking screenshots, downloading and executing files, and uploading files to the C2 server."


News URL

https://thehackernews.com/2023/02/researchers-warn-of-reverserat-backdoor.html