SideCopy Hackers Target Indian Government Officials With New Malware
Cisco Talos has recorded an increase in cyberattacks against targets in India. The group behind the malicious campaign is SideCopy.
SideCopy carries out attacks against government officials in India using tactics, techniques and procedures similar to those of APT36 (also known as Mythic Leopard and Transparent Tribe). According to the researchers, SideCopy's infrastructure shows a particular interest in targets in Pakistan and India, since the malware it uses only activates on systems located in these two countries.
SideCopy has been active since at least 2018 and has developed new remote access Trojans (RATs), some of which use plugins to add functionality. RATs developed by SideCopy include:
- MargulasRAT – disguised as a VPN application from India's National Informatics Centre;
- DetaRAT – a previously unknown C#-based RAT that shares several functions with CetaRAT;
- ReverseRAT – a new C#-based reverse shell that also monitors removable drives, built on CetaRAT;
- ActionRAT – a Delphi-based RAT similar to Allakore.
SideCopy delivers its RATs through many different infection methods, ranging from LNK files to self-extracting RAR executables and MSI-based installers.
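For triaging suspicious attachments, a defender can at least sort files into the three delivery formats named above by their header bytes. The following script is an added example written for this article, not code from Talos or from the SideCopy report; the sample files it classifies are constructed inline, and the MSI check only recognises the OLE container format that MSI installers share with legacy Office documents.

```python
# Added example (not from the article or from Talos): header-based triage that
# labels a file as one of the delivery formats the article names (Windows
# shortcut, self-extracting RAR executable, MSI installer) from its raw bytes.

# Shell link header: HeaderSize 0x4C followed by the ShellLink CLSID
# {00021401-0000-0000-C000-000000000046} in its on-disk byte order.
LNK_HEADER = b"\x4c\x00\x00\x00" + bytes.fromhex("0114020000000000c000000000000046")
MZ_MAGIC = b"MZ"
RAR_MARKER = b"Rar!\x1a\x07"          # common prefix of the RAR4 and RAR5 signatures
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE compound document (MSI, old Office)


def classify(data: bytes) -> str:
    """Return a coarse label for the delivery format, or 'unknown'."""
    if data.startswith(LNK_HEADER):
        return "lnk"
    if data.startswith(RAR_MARKER):
        return "rar archive"
    if data.startswith(OLE_MAGIC):
        # MSI installers are OLE compound documents, but so are .doc/.xls files,
        # so this label means "inspect further", not "confirmed MSI".
        return "ole-compound (possible MSI)"
    if data.startswith(MZ_MAGIC):
        # A self-extracting RAR is a normal PE stub with the archive appended,
        # so the RAR marker shows up after the executable header, not at offset 0.
        if RAR_MARKER in data[2:]:
            return "pe (self-extracting RAR)"
        return "pe"
    return "unknown"


# Constructed sample files (not real malware): just enough bytes to exercise
# each branch of classify().
SAMPLES = {
    "shortcut.lnk": LNK_HEADER + b"\x00" * 60,
    "installer.msi": OLE_MAGIC + b"\x00" * 504,
    "update.exe": MZ_MAGIC + b"\x90" * 100 + b"Rar!\x1a\x07\x00" + b"\x00" * 40,
    "notes.txt": b"plain text, nothing to see",
}


def triage(samples: dict) -> dict:
    """Classify every sample and return {filename: label}."""
    return {name: classify(blob) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, label in triage(SAMPLES).items():
        print(f"{name:16s} {label}")
```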