Last Updated on 10/12/2021 by Nidhi Khandelwal
SideCopy, a Pakistani threat actor, has been launching espionage strikes against the Indian and Afghan governments.
The gang has gained access to government websites as well as key Google, Twitter, and Facebook credentials. APT36 is thought to be a subset of SideCopy.
So, what happened?
According to Malwarebytes, the organization attempted to mislead attribution by imitating the infection chains of another group, SideWinder.
The SideCopy APT outfit curated harmful files exclusively for Indian and Afghan government and military figures.
Personnel working for the President of Afghanistan’s Administration Office, the Ministry of Finance, the Ministry of Foreign Affairs, and the National Procurement Authority were targeted in the attacks.
From Afghani websites, the attackers obtained different Office records, including phone numbers, names, and email addresses of officials, as well as databases, including identity cards, diplomatic visas, and asset registrations.
They also took passwords for social media and password-protected documents from Afghan targets.
They also hacked into shared computers in India.
All of the stolen data could be utilized in future decoys or assaults against the people who were targeted.
The feature of operations
To seduce its victim, the organization employed archive files inserted in LNK, Microsoft Publisher, or trojanized apps.
The campaign enticed visitors to open a document, which then launched a loader that dropped a multi-featured next-stage remote access trojan called ActionRAT.
In addition, the loader was used to drop AuTo Stealer, a new information stealer that captures PDF documents, Office/text/database files, and photos before transferring them via HTTP or TCP.
Conclusion
It is well known that nation-state actors target their rivals in geographic locations that are congruent with their objectives. SideCopy appears to be doing the same, and its operations are anticipated to continue. As a result, it is recommended that government bodies invest more in security and be watchful against such dangerous organizations.
