Indian Hackers | Breaking Cybersecurity News | The Hacker News

Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to  KnownSec 404 Team , entailed the use of a backdoor codenamed  EyeShell . Patchwork , also known by the names Operation Hangover and Zinc Emerson, is suspected to be a threat group that operates on behalf of India. Active since at least December 2015, attack chains mounted by the outfit have a narrow focus and tend to single out Pakistan and China with custom implants such as BADNEWS via spear-phishing and watering hole attacks. The adversarial collective has been found to share tactical overlaps with other cyber-espionage groups with an Indian connection, including  SideWinder  and the  DoNot Team . Earlier this May, Meta  disclosed  that it took down 50 accounts on Facebook and Instagram operated by Patchwork, which took advantage of rog...

The advanced persistent threat (APT) actor known as SideWinder has been accused of deploying a backdoor in attacks directed against Pakistan government organizations as part of a campaign that commenced in late November 2022. "In this campaign, the SideWinder advanced persistent threat (APT) group used a server-based polymorphism technique to deliver the next stage payload," the BlackBerry Research and Intelligence Team  said  in a technical report published Monday. Another campaign discovered by the Canadian cybersecurity company in early March 2023 shows that Turkey has also landed in the crosshairs of the threat actor's collection priorities. SideWinder  has been on the radar since at least 2012 and it's primarily known to target various Southeast Asian entities located across Pakistan, Afghanistan, Bhutan, China, Myanmar, Nepal, and Sri Lanka. Suspected to be an Indian state-sponsored group, SideWinder is also tracked under the monikers APT-C-17, APT-Q-39, Ha...

The suspected Pakistan-aligned threat actor known as  SideCopy  has been observed leveraging themes related to the Indian military research organization as part of an ongoing phishing campaign. This involves using a ZIP archive lure pertaining to India's Defence Research and Development Organization ( DRDO ) to deliver a malicious payload capable of harvesting sensitive information, Fortinet FortiGuard Labs  said  in a new report. The cyber espionage group, with  activity  dating back to at least 2019, targets entities that align with Pakistan government interests. It's believed to share overlaps with another Pakistani hacking crew called  Transparent Tribe . SideCopy's use of DRDO-related decoys for malware distribution was previously flagged by  Cyble  and Chinese cybersecurity firm  QiAnXin  in March 2023, and again by  Team Cymru  last month. Interestingly, the same attack chains have been observed to load and ex...

The Pakistan-based advanced persistent threat (APT) actor known as  Transparent Tribe  used a two-factor authentication (2FA) tool used by Indian government agencies as a ruse to deliver a new Linux backdoor called Poseidon. "Poseidon is a second-stage payload malware associated with Transparent Tribe," Uptycs security researcher Tejaswini Sandapolla said in a technical report published this week. "It is a general-purpose backdoor that provides attackers with a wide range of capabilities to hijack an infected host. Its functionalities include logging keystrokes, taking screen captures, uploading and downloading files, and remotely administering the system in various ways." Transparent Tribe  is also tracked as APT36, Operation C-Major, PROJECTM, and Mythic Leopard, and has a track record of targeting Indian government organizations, military personnel, defense contractors, and educational entities. It has also repeatedly leveraged trojanized versions of Kavac...

A suspected Pakistan-aligned advanced persistent threat (APT) group known as  Transparent Tribe  has been linked to an ongoing cyber espionage campaign targeting Indian and Pakistani Android users with a backdoor called  CapraRAT . "Transparent Tribe distributed the Android CapraRAT backdoor via trojanized secure messaging and calling apps branded as MeetsApp and MeetUp," ESET  said  in a report shared with The Hacker News. As many as 150 victims, likely with military or political leanings, are estimated to have been targeted, with the malware (APK package name " com.meetup.chat ") available to download from fake websites that masquerade as the official distribution centers of these apps. It's being suspected that the targets are lured through a honeytrap romance scam wherein the threat actor approaches the victims via another platform and persuades them to install the malware-laced apps under the pretext of "secure" messaging and calling. Howeve...