PAKISTAN HACKING GROUP SIDECOPY TARGETS INDIA AND AFGHAN GOVERNMENT
Pakistani threat actor “SideCopy” has been targeting Indian and Afghan government officials, especially military officials by stealing their credentials of targets from government portals, Facebook, Twitter and Google credentials, banking information, and password-protected documents.
The latest report by Malwarebytes detailed the new tactics and tools adopted by the APT Group “SideCopy”. This is so-called because it attempts to mimic an infection chain associated with another group that has been tracked as follows: SideWinder Misleading attribution.
A Cyber espionage campaign was observed by Malwarebytes in which a target can be lured via document leading to the execution of a loader that’s used to drop a next-stage remote access trojan called ActionRAT, which is capable of uploading files, executing commands received from a server, and even download more payloads.
Earlier also SideCopy was spotted imitating the Indian threat group SideWinder’s infection chains to deliver its own set of malware. SideCopy hackers appear to be highly motivated by the attack methods used by Indian APT groups like SideWinder that have been tormenting governments and enterprises in South Asia and East Asia since 2012. Other Indian groups that have come into the limelight for the same purpose include Phronesis, Aglaya, CyberRoot Risk Advisory, and ClearTrail technologies.
We can say that Indian offensive market is blooming day by day. Many Indian firms such as Phronesis, a cyber-intelligence firm by security experts Retd. Brigadier Prabhakar Bryan Miranda and Ram Chander Chhillar, has played a huge role in the fifth-generation warfare. One of its recent achievements were listed in the APT report, Monsoon.
Indian firm Aglaya headed by Ankur Srivastava involves security and competitiveness in the changing world by expanding the export of their cyber-surveillance technologies – intrusion software, mobile telecommunications interception equipment, cyber forensics, etc.
Indore-based ClearTrail Technologies set up by Praveen Kankariya is a renowned lawful interception solution provider offering a wide range of communication interception solutions, monitoring & analytics solutions to intelligence agencies that conduct mission-critical operations to neutralise threats & solve the crime.
Vibhor Sharma’s CyberRoot Risk Advisory provides cyber forensics investigation, penetration testing, physical access control and security testing, wireless security, network security and mobile application audit.
The companies stating above are the Indian cyber intelligence companies that were participating in ISS Wold fair and are serving across the world especially in Middle East.
Apparently, Indian offensive cyber surveillance was developed to counter or prevent attacks but now their techniques have been picked up by the rival states. These techniques were first mastered by China and later adopted by Asian countries.