The Persistent Cyber Offensive: SideCopy’s Campaign Against India’s Defense Ecosystem


In the ever-evolving landscape of cybersecurity, a troubling pattern of targeted attacks has emerged. SideCopy, a cyber-espionage group, has been relentlessly targeting Indian government entities. This group is exploiting the WinRAR flaw, CVE-2023-38831, to deliver a plethora of remote access trojans (RATs).

Investigations reveal that SideCopy has been active since at least 2019. With strong links to Pakistan, it operates with alarming precision and determination. The group’s recent campaigns target both Linux and Windows platforms, reflecting a grim portrait of their adaptability and resourcefulness. Interestingly, SideCopy is suspected to be a sub-group of Transparent Tribe, also known as APT36, sharing infrastructure and code to attack India.

The RedRaindrop team from Qihoo 360’s Threat Intelligence Center uncovered one such campaign using Indian Prime Minister Modi’s visit to the U.S. as bait. SideCopy’s diverse arsenal includes the AllaKore RAT, Ares RAT, and DRat, all capable of system information theft, keylogging, and maintaining remote access.

In a detailed analysis by the Telsy Threat Intelligence team, another alarming aspect came to the fore, showcasing SideCopy’s spear-phishing campaign. The attackers created replica phishing portals and used compromised websites like ‘mojochamps.com’ to deploy RATs through malicious file attachments and links.

Seqrite Laboratories also highlighted SideCopy’s campaigns. They observed that SideCopy and APT36 deliberately use the same decoys against India for both their Windows and Linux variants, leveraging the same vulnerabilities and lures previously associated with attacks involving the Defense Research and Development Organization (DRDO).

Furthermore, the SEQRITE Labs APT-Team discovered that SideCopy targeted Linux not merely out of convenience but possibly because of India’s adoption of Maya OS in its defense sectors, intensifying cybersecurity concerns.

SideCopy’s multifaceted campaigns strike an ominous note: the persistent compromise of national security interests. The use of honey traps alongside the deployment of RATs to manipulate and exfiltrate information underscores the group’s dexterity in digital espionage. Acknowledging these threats, there is an urgent need for robust countermeasures. Agencies must strengthen their defensive procedures and educate personnel to recognize and counter such insidious intrusions.

Experts warn against complacency. The deployment of sophisticated RATs like BackNet and the emerging patterns in SideCopy’s strategies warrant increased vigilance. As part of proactive measures, imparting knowledge on recognizing spear-phishing attempts and emphasizing the importance of software updates are critical steps. The repercussions of such attacks are not just digital—they pose a critical risk to national security.

In conclusion, the sequence of attacks by SideCopy is a stark reminder of the significant challenges that lie ahead in cybersecurity. Whether it’s the targeting of critical government entities or the infiltration of defense systems, one thing is clear: cybersecurity is not just a concern of the IT department but is a pressing national issue that demands immediate and effective action.

For further insight and guidance on how to handle such threats, resources from Ares project and Qihoo 360’s threat intelligence products can serve as valuable assets in fortifying cyber defense strategies.


November 7, 2023
SideCopy, a cyber-espionage group, exploits the WinRAR flaw, CVE-2023-38831, to attack India's defense sector with remote access trojans.