A new targeted phishing campaign has zoomed in on a two-factor authentication solution called Kavach that’s used by Indian government officials.
Cybersecurity firm Securonix dubbed the activity STEPPY#KAVACH, attributing it to a threat actor known as SideCopy based on tactical overlaps with prior attacks.
“.LNK files are used to initiate code execution which eventually downloads and runs a malicious C# payload, which functions as a remote access trojan (RAT),” Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a new report.
SideCopy is also known to impersonate attack chains leveraged by SideWinder, a prolific nation-state group that disproportionately singles out Pakistan-based military entities, in order to deploy its own toolset.