Indian organizations have been subjected to an ongoing phishing campaign by suspected Pakistani threat operation SideCopy, reports The Hacker News.
Spear-phishing emails leveraging India's Defence Research and Development Organisation as a lure have been used by SideCopy to facilitate the distribution of an information-harvesting remote access trojan with remote server communication and additional payload deployment capabilities, a report from Fortinet FortiGuard Labs revealed.
SideCopy was previously noted by Cyble, QiAnXin, and Team Cymru to be using DRDO-related lures to enable the deployment of Action RAT and AllaKore RAT. Action RAT's command-and-control infrastructure was also discovered by Team Cymru to have a server IP address with outbound connections to another address in Pakistan.
"The Action RAT infrastructure, connected to SideCopy, is managed by users accessing the Internet from Pakistan. Victim activity predated the public reporting of this campaign, in some cases by several months," said Team Cymru.
Chinese threat actors exfiltrated 60,000 emails from U.S. State Department accounts during the widespread compromise of Microsoft email accounts that began in May, a staffer for Sen. Eric Schmitt, R-Mo., said, according to Reuters.
Threat actors have adapted the ZeroFont phishing technique, originally used to insert hidden characters or words into emails to evade security detection systems, to alter the message previews displayed by Microsoft Outlook and other email clients, BleepingComputer reports.
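ZeroFont hides text by styling it with a zero font size, so the rendered message and a plain-text preview of the same body show different content. The following Python scanner is an added illustration, not code from BleepingComputer or from this page; it assumes a simplified HTML email that uses only inline styles and a constructed sample body, and it separates rendered text from zero-font text so a mail gateway or analyst can flag the discrepancy.

```python
import re
from html.parser import HTMLParser

# Inline "font-size" declarations; the captured value is tested for zero below.
FONT_SIZE_RE = re.compile(r"font-size\s*:\s*([0-9]*\.?[0-9]+)\s*(?:px|pt|em|rem|%)?", re.I)
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link"}  # hold no text, never closed

def is_zero_font(style):
    """True when an inline style sets font-size to exactly 0 (any unit, any case)."""
    m = FONT_SIZE_RE.search(style or "")
    return m is not None and float(m.group(1)) == 0.0

class ZeroFontScanner(HTMLParser):
    """Split text a renderer would show from text hidden in zero-size font elements."""

    def __init__(self):
        super().__init__()
        self.visible, self.hidden, self.zero_font_elements = [], [], 0
        self._stack = []  # one flag per open element: True if a zero font is in effect

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        zero = is_zero_font(dict(attrs).get("style"))
        self.zero_font_elements += zero
        self._stack.append(zero or bool(self._stack and self._stack[-1]))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self._stack:
            self._stack.pop()

    def handle_data(self, data):
        text = data.strip()
        if text:
            (self.hidden if self._stack and self._stack[-1] else self.visible).append(text)

def scan_email_html(html):
    """Return rendered text, hidden text and a flag; a raw-text preview would show both."""
    s = ZeroFontScanner()
    s.feed(html)
    s.close()
    return {"visible_text": " ".join(s.visible), "hidden_text": " ".join(s.hidden),
            "zero_font_elements": s.zero_font_elements, "suspicious": bool(s.hidden)}

# Constructed sample body (not a real phishing email): the hidden span fakes a scan verdict.
SAMPLE_EMAIL = """<html><body>
<span style="font-size:0px;">Scanned by Example Mail Security: no threats found.</span>
<p>Your account has been suspended.<br><a href="https://login.example.invalid/">Verify now</a></p>
<span style="FONT-SIZE: 0">Reference ID 0000</span>
</body></html>"""
```

Fonts set via stylesheets, near-zero sizes, or matching foreground and background colours are related hiding tricks the inline-style check above does not cover.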
BleepingComputer reports that individuals who have filed claims against bankrupt cryptocurrency lender Celsius have been subjected to phishing attacks involving the impersonation of the lender's claims agent, Stretto.