Several threat actor groups have targeted public and private organizations in India lately, affecting critical infrastructures in the country. Recently, security experts from Malwarebytes revealed that a Pakistani APT group SideCopy has been targeting ministries in India and Afghanistan to pilfer Google, Twitter, and Facebook credentials and obtain access to confidential government networks, banking details, and password-protected documents.
Active since 2019, the SideCopy APT group has been targeting South Asian countries, particularly India and Afghanistan. Researchers stated the group is leveraging new initial infection vectors such as Microsoft Publisher documents and Trojanized applications to trick the users via spear-phishing campaigns. It was also observed that attackers used a new data stealer tracked as AuTo stealer.
AuTo stealer is written in C++ and is delivered by an executable (credbiz.exe) that side-loads the stealer. The researchers found two variants of AuTo stealer: an HTTP version and a TCP version, differing in the protocol used to exfiltrate the collected data.
The lures used by SideCopy APT are usually archive files containing LNK shortcuts, Microsoft Publisher documents, or Trojanized applications, specially crafted to appeal to government or military officials.
So far, the SideCopy APT targeted:
“The SideCopy APT was able to steal several Office documents and databases associated with the Government of Afghanistan. As an example, the threat actor exfiltrated Diplomatic Visa and Diplomatic ID cards from the Ministry of Foreign Affairs of Afghanistan database and the Asset Registration and Verification Authority database belonging to the General Director of Administrative Affairs Government of Afghanistan. They also were able to exfiltrate the ID cards of several Afghani government officials,” the researchers said.
In September 2020, cybersecurity solutions provider Quick Heal revealed evidence related to SideCopy’s cyberespionage campaign. Tracked as “Operation SideCopy,” the campaign targeted Indian Army personnel in 2019 to pilfer sensitive information. Researchers observed three infection chains in which the attackers exploited the Microsoft Office Equation Editor vulnerability (CVE-2017-11882) as the initial infection vector.
The post Pakistani APT Group ‘SideCopy’ Targets Officials in India and Afghanistan appeared first on CISO MAG | Cyber Security Magazine.