In a new report, Fortinet FortiGuard Labs observed that the suspected Pakistan-aligned threat actor SideCopy has been using themes related to an Indian military research organization as part of an ongoing phishing campaign. The campaign delivers a malicious payload capable of harvesting sensitive information, using a ZIP archive lure pertaining to India's Defence Research and Development Organisation (DRDO).

SideCopy has been active since at least 2019 and primarily targets Indian government and defence entities, that is, organizations of interest to the Pakistani state. It is believed to share overlaps with another Pakistani hacking crew called Transparent Tribe. SideCopy's use of DRDO-related decoys for malware distribution was previously flagged by Cyble and the Chinese cybersecurity firm QiAnXin in March 2023, and again by Team Cymru last month.

The latest infection sequence documented by Fortinet is no different: the ZIP lure leads to the deployment of an unspecified remote access trojan (RAT) that communicates with a remote command-and-control server and can launch additional payloads. This development indicates that SideCopy continues to carry out spear-phishing email attacks that use Indian government and defence-forces-related social engineering lures to drop a wide range of malware.