Indian organizations have been subjected to an ongoing phishing campaign by suspected Pakistani threat operation SideCopy, reports The Hacker News.
Spear-phishing emails leveraging India's Defence Research and Development Organisation as a lure have been used by SideCopy to facilitate the distribution of an information-harvesting remote access trojan with remote server communication and additional payload deployment capabilities, a report from Fortinet FortiGuard Labs revealed.
SideCopy was previously noted by Cyble, QiAnXin, and Team Cymru to be using DRDO-related lures to enable the deployment of Action RAT and AllaKore RAT. Action RAT's command-and-control infrastructure was also discovered by Team Cymru to have a server IP address with outbound connections to another address in Pakistan.
"The Action RAT infrastructure, connected to SideCopy, is managed by users accessing the Internet from Pakistan. Victim activity predated the public reporting of this campaign, in some cases by several months," said Team Cymru.
Malware-free intrusions have become the leading cybersecurity threat against small- to medium-sized businesses, accounting for 56% of all cyber incidents during the third quarter, SiliconAngle reports.
Four high-severity Microsoft Exchange flaws reported by Trend Micro's Zero Day Initiative were noted by Microsoft to have been addressed or not need immediate servicing as required authentication would significantly reduce their odds of being exploited, SecurityWeek reports.
Email security: The current threat landscape, the latest tools/techniques
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news