Security News > 2023 > November > SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities

The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat.

Enterprise security firm SEQRITE described the campaign as multi-platform, with the attacks also designed to infiltrate Linux systems with a compatible version of Ares RAT. SideCopy, active since at least 2019, is known for its attacks on Indian and Afghanistan entities.

SideCopy has also been implicated in a set of phishing attacks targeting the Indian defense sector with ZIP archive attachments to propagate Action RAT and a new.

The second campaign, on the other hand, entails the exploitation of CVE-2023-38831, a security flaw in the WinRAR archiving tool, to trigger the execution of malicious code, leading to the deployment of AllaKore RAT, Ares RAT, and two new trojans called DRat and Key RAT. " has the functionality to steal system information, keylogging, take screenshots, upload & download files, and take the remote access of the victim machine to send commands and upload stolen data to the C2," Ram Prakki said.

The targeting of Linux is not coincidental and is likely motivated by India's decision to replace Microsoft Windows with a Linux flavor called Maya OS across government and defense sectors.

"APT36 is expanding its Linux arsenal constantly, where sharing its Linux stagers with SideCopy is observed to deploy an open-source Python RAT called Ares.".

News URL

https://thehackernews.com/2023/11/sidecopy-exploiting-winrar-flaw-in.html