New SideCopy attacks impact Indian entities

Indian organizations have been subjected to an ongoing phishing campaign by suspected Pakistani threat operation SideCopy, reports The Hacker News. Spear-phishing emails leveraging India's Defence Research and Development Organisation as a lure have been used by SideCopy to facilitate the distribution of an information-harvesting remote access trojan with remote server communication and additional payload deployment capabilities, a report from Fortinet FortiGuard Labs revealed. SideCopy was previously noted by Cyble, QiAnXin, and Team Cymru to be using DRDO-related lures to enable the deployment of Action RAT and AllaKore RAT. Action RAT's command-and-control infrastructure was also discovered by Team Cymru to have a server IP address with outbound connections to another address in Pakistan. "The Action RAT infrastructure, connected to SideCopy, is managed by users accessing the Internet from Pakistan. Victim activity predated the public reporting of this campaign, in some cases by several months," said Team Cymru.