SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities


The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat.

Enterprise security firm SEQRITE described the campaign as multi-platform, with the attacks also designed to infiltrate Linux systems with a compatible version of Ares RAT.

SideCopy, active since at least 2019, is known for its attacks on Indian and Afghanistan entities. It’s suspected to be a sub-group of the Transparent Tribe (ak APT36).

“Both SideCopy and APT36 share infrastructure and code to aggressively target India,” SEQRITE researcher Sathwik Ram Prakki said in a Monday report.

Earlier this May, the group was linked to a phishing campaign that took advantage of lures related to India’s Defence Research and Development Organization (DRDO) to deliver information-stealing malware.

Since then, SideCopy has also been implicated in a set of phishing attacks targeting the Indian defense sector with ZIP archive attachments to propagate Action RAT and a new .NET-based trojan that supports 18 different commands.

The new phishing campaigns detected by SEQRITE entail two different attack chains, each targeting Linux and Windows operating systems.

Read more…