Sunday, February 9, 2025
Homecyber securityPakistani APT Hackers Attacking Indian Govt Entities With Weaponized Shortcut Files

Pakistani APT Hackers Attacking Indian Govt Entities With Weaponized Shortcut Files

Published on

SIEM as a Service

Follow Us on Google News

Cybersecurity experts at Seqrite Labs have reported a surge in cyberattacks against Indian government entities.

These attacks have been attributed to Pakistani Advanced Persistent Threat (APT) groups, which have been intensifying their malicious activities.

Attack Methods

The recent campaigns uncovered by Seqrite Labs’ APT team reveal a sophisticated level of cyber warfare.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

The Pakistani-linked APT group SideCopy has been particularly active, deploying its commonly used AllaKore Remote Access Trojan (RAT) in three separate campaigns.

Attack Chain of SideCopy
Attack Chain of SideCopy

In each of these campaigns, two instances of the RAT were used simultaneously, showcasing the group’s aggressive tactics.

Simultaneously, Transparent Tribe (APT36), the parent group of SideCopy, has been consistently utilizing the Crimson RAT.

However, they have modified their approach by encoding or packing the RAT differently to evade detection.

Targets

The primary targets of these cyberattacks are Indian defense and government entities.

SideCopy and APT36 have been persistent in their efforts to infiltrate these sectors since at least 2019.

The decoy files used in previous campaigns in February-March 2023 have been observed. 

“Grant_of_Risk_and_HardShip_Allowances_Mar_24.pdf.” As the name suggests, it is an advisory from 2022 on allowance grants to Army officers under India’s Ministry of Defence.

Decoy Files
Decoy Files

Their arsenal is not limited to AllaKore and Crimson RATs but includes other malicious tools such as Ares RAT, Action RAT, Reverse RAT, and Margulas RAT.

The impact of these cyberattacks is significant, as they compromise the security and integrity of critical government systems.

The persistent targeting of these entities threatens national security and puts sensitive data at risk of being exploited.

Countermeasures

In response to these escalating threats, Indian cybersecurity forces are urged to strengthen their defenses and remain vigilant.

This includes updating security protocols, conducting regular system checks, and training personnel to effectively recognize and respond to cyber threats.

As geopolitical tensions continue influencing the cyber threat landscape, India remains a prime target for APT groups.

Seqrite Labs’ recent findings underscore the need for robust cybersecurity measures to protect against these sophisticated and persistent threats.

Combat Email Threats with Easy-to-Launch Phishing Simulations: Email Security Awareness Training -> Try Free Demo 

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

UK Pressures Apple to Create Global Backdoor To Spy on Encrypted iCloud Access

United Kingdom has reportedly ordered Apple to create a backdoor allowing access to all...

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...