The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Pakistani Hackers

SideCopy Hackers Target Indian Government Officials With New Malware

SideCopy Hackers Target Indian Government Officials With New Malware

July 08, 2021Ravie Lakshmanan
A cyber-espionage group has been observed increasingly targeting Indian government personnel as part of a broad campaign to infect victims with as many as four new custom remote access trojans (RATs), signaling a "boost in their development operations." Attributed to a group tracked as SideCopy, the intrusions culminate in the deployment of a variety of modular plugins, ranging from file enumerators to browser credential stealers and keyloggers (Xeytan and Lavao), Cisco Talos said in a report published Wednesday. "Targeting tactics and themes observed in SideCopy campaigns indicate a high degree of similarity to the Transparent Tribe APT (aka APT36) also targeting India," researchers Asheer Malhotra and Justin Thattil  said . "These include using decoys posing as operational documents belonging to the military and think tanks and honeytrap-based infections." First documented in September 2020 by Indian cybersecurity firm Quick Heal,  SideCopy  has a 
Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal

Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal

May 14, 2021Ravie Lakshmanan
Cybercriminals with suspected ties to Pakistan continue to rely on social engineering as a crucial component of its operations as part of an evolving espionage campaign against Indian targets, according to new research. The attacks have been linked to a group called  Transparent Tribe , also known as Operation C-Major, APT36, and Mythic Leopard, which has created fraudulent domains mimicking legitimate Indian military and defense organizations, and other fake domains posing as file-sharing sites to host malicious artifacts. "While military and defense personnel continue to be the group's primary targets, Transparent Tribe is increasingly targeting diplomatic entities, defense contractors, research organizations and conference attendees, indicating that the group is expanding its targeting," researchers from Cisco Talos  said  on Thursday. These domains are used to deliver maldocs distributing  CrimsonRAT , and ObliqueRAT, with the group incorporating new phishing, lu
Warning — 5 New Trojanized Android Apps Spying On Users In Pakistan

Warning — 5 New Trojanized Android Apps Spying On Users In Pakistan

January 12, 2021Ravie Lakshmanan
Cybersecurity researchers took the wraps off a new spyware operation targeting users in Pakistan that leverages trojanized versions of legitimate Android apps to carry out covert surveillance and espionage. Designed to masquerade apps such as the Pakistan Citizen Porta l, a Muslim prayer-clock app called Pakistan Salat Time , Mobile Packages Pakistan , Registered SIMs Checker , and TPL Insurance , the malicious variants have been found to obfuscate their operations to stealthily download a payload in the form of an Android Dalvik executable (DEX) file. "The DEX payload contains most of the malicious features, which include the ability to covertly exfiltrate sensitive data like the user's contact list and the full contents of SMS messages," Sophos threat researchers Pankaj Kohli and Andrew Brandt said. "The app then sends this information to one of a small number of command-and-control websites hosted on servers located in eastern Europe." Interestingly, t
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.