SideCopy | Breaking Cybersecurity News | The Hacker News

A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family called CurlBack RAT . The activity, detected by SEQRITE in December 2024, targeted Indian entities under railway, oil and gas, and external affairs ministries, marking an expansion of the hacking crew's targeting footprint beyond government, defence, maritime sectors, and universities. "One notable shift in recent campaigns is the transition from using HTML Application (HTA) files to adopting Microsoft Installer (MSI) packages as a primary staging mechanism," security researcher Sathwik Ram Prakki said . SideCopy is suspected to be a sub-cluster within Transparent Tribe (aka APT36) that's active since at least 2019. It's so named for mimicking the attack chains associated with another threat actor called SideWinder to deliver its own payloads. In June 2024, SEQR...

Indian government entities and the defense sector have been targeted by a phishing campaign that's engineered to drop Rust-based malware for intelligence gathering. The activity, first detected in October 2023, has been codenamed  Operation RusticWeb  by enterprise security firm SEQRITE. "New Rust-based payloads and encrypted PowerShell commands have been utilized to exfiltrate confidential documents to a web-based service engine, instead of a dedicated command-and-control (C2) server," security researcher Sathwik Ram Prakki  said . Tactical overlaps have been uncovered between the cluster and those widely tracked under the monikers  Transparent Tribe  and SideCopy, both of which are assessed to be linked to Pakistan. SideCopy is also a suspected subordinate element within Transparent Tribe. Last month, SEQRITE  detailed  multiple campaigns undertaken by the threat actor targeting Indian government bodies to deliver numerous trojans such as AllaKo...

The suspected Pakistan-aligned threat actor known as  SideCopy  has been observed leveraging themes related to the Indian military research organization as part of an ongoing phishing campaign. This involves using a ZIP archive lure pertaining to India's Defence Research and Development Organization ( DRDO ) to deliver a malicious payload capable of harvesting sensitive information, Fortinet FortiGuard Labs  said  in a new report. The cyber espionage group, with  activity  dating back to at least 2019, targets entities that align with Pakistan government interests. It's believed to share overlaps with another Pakistani hacking crew called  Transparent Tribe . SideCopy's use of DRDO-related decoys for malware distribution was previously flagged by  Cyble  and Chinese cybersecurity firm  QiAnXin  in March 2023, and again by  Team Cymru  last month. Interestingly, the same attack chains have been observed to load and ex...

A Pakistani threat actor successfully socially engineered a number of ministries in Afghanistan and a shared government computer in India to steal sensitive Google, Twitter, and Facebook credentials from its targets and stealthily obtain access to government portals. Malwarebytes' latest findings go into detail about the new tactics and tools adopted by the APT group known as  SideCopy , which is so-called because of its attempts to mimic the infection chains associated with another group tracked as  SideWinder  and mislead attribution. "The lures used by SideCopy APT are usually archive files that have embedded one of these files: LNK, Microsoft Publisher or Trojanized Applications," Malwarebytes researcher Hossein Jazi  said , adding the embedded files are tailored to target government and military officials based in Afghanistan and India. The revelation comes close on the heels of  disclosures  that Meta took steps to block malicious activities carr...