
A spear-phishing campaign targeting Indian government entities aims to deploy an updated version of a backdoor called ReverseRAT.

Cybersecurity firm ThreatMon attributed the activity to a threat actor tracked as SideCopy.

SideCopy is a threat group of Pakistani origin whose tooling and targeting overlap with another actor called Transparent Tribe. It is so named because it mimics the infection chains associated with SideWinder to deliver its own malware.

The adversarial crew was first observed delivering ReverseRAT in 2021, when Lumen’s Black Lotus Labs detailed a set of attacks targeting victims aligned with the government and power utility verticals in India and Afghanistan.

Recent attack campaigns associated with SideCopy have primarily set their sights on a two-factor authentication solution known as Kavach (meaning “armour” in Hindi) that’s used by Indian government officials.

images from Hacker News