"SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities"

SideCopy, a Pakistan-linked threat actor, has been using the recent WinRAR security vulnerability in its attacks against Indian government entities to deliver various Remote Access Trojans (RATs) such as AllaKore RAT, Ares RAT, and DRat. The enterprise security company SEQRITE describes the campaign as multi-platform: the attacks are also designed to infiltrate Linux systems with a compatible version of Ares RAT. SideCopy has been active since at least 2019 and is known for its attacks on Indian and Afghan entities. It is suspected of being a subgroup of the Transparent Tribe actor, also known as APT36. According to SEQRITE researcher Sathwik Ram Prakki, SideCopy and APT36 share infrastructure and code to aggressively target India. Earlier this year, the group was linked to a phishing campaign that used lures associated with India's Defence Research and Development Organization (DRDO) to deliver malware. This article continues to discuss SideCopy's exploitation of the WinRAR security vulnerability in its attacks targeting Indian government entities.

THN reports "SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities"

Submitted by grigby1

Submitted by Gregory Rigby on