Indian authorities have issued a warning to their staff about a cyber threat group linked to Pakistan. The group exploits flaws in WinRAR software to deploy Trojans such as AllaKore and Ares onto government networks. WinRAR is a file archiver utility for Windows that is often used to manage compressed files and can create and view archives in RAR or ZIP format.
According to a report by MoneyControl, this is the latest in a series of attacks that Indian government agencies are facing from cyber attackers linked to foreign nation states. These attackers typically target institutions such as defense agencies to steal sensitive information.
Moneycontrol’s previous report highlighted warnings about cyber attackers linked to Pakistan and China targeting Indian officials.
What are the techniques used by these hackers associated with Pakistan?
An advisory reviewed by the publication and issued by the government on April 9th shows that a group known as SideCopy is exploiting vulnerabilities in WinRAR to install remote access Trojans (RATs) such as AllaKore and Ares. The flaws allow the malicious code to run silently.
The security advisory states that the deployed payload can steal system information, log keystrokes, capture screenshots, manage file uploads and downloads, remotely control compromised systems to execute commands, and relay stolen data to a command and control (C2) server.
SideCopy has been active since at least 2019 and is believed to be a Pakistani group that primarily targets organizations in South Asian countries, particularly the Indian defense sector and Afghanistan.
Their typical strategy involves sending phishing emails containing defense-related decoys. These emails carry malicious attachments that, when opened, allow the attacker to install a RAT and take control of the targeted system.
The government’s advisory also recommends that authorities upgrade WinRAR to the latest version, identify and isolate infected systems from their networks, and conduct a thorough security audit of their cybersecurity infrastructure.
WinRAR is a file archiver utility for Windows that allows you to create and view archives in RAR or ZIP format and extract many archive file formats.