Pakistan-Origin SideCopy Linked to New Cyberattack on India's Ministry of Defence

2023-03-28 12:31

An advanced persistent threat group that has a track record of targeting India and Afghanistan has been linked to a new phishing campaign that delivers Action RAT. According to Cyble, which attributed the operation to SideCopy, the activity cluster is designed to target the Defence Research and Development Organization, the research and development wing of India's Ministry of Defence.

Known for emulating the infection chains associated with SideWinder to deliver its own malware, SideCopy is a threat group of Pakistani origin that shares overlaps with Transparent Tribe.

These messages come bearing a ZIP archive file that contains a Windows shortcut file masquerading as information about the K-4 ballistic missile developed by DRDO. Executing the.

The malware, in addition to gathering information about the victim machine, is capable of running commands sent from a command-and-control server, including harvesting files and dropping follow-on malware.

Also deployed is a new information-stealing malware referred to as AuTo Stealer that's equipped to gather and exfiltrate Microsoft Office files, PDF documents, database and text files, and images over HTTP or TCP. "The APT group continuously evolves its techniques while incorporating new tools into its arsenal," Cyble noted.

This is not the first time SideCopy has employed Action RAT in its attacks directed against India.

News URL

https://thehackernews.com/2023/03/pakistan-origin-sidecopy-linked-to-new.html

#cyberattack #india #ministryofdefence