SideCopy cybercriminals use new custom Trojans in attacks against India’s military
Researchers at Cisco Talos recently published a report detailing the activity of the advanced persistent threat (APT) group known as SideCopy, which has recently been targeting India with new Trojans. The group has been active since 2019 and chooses high-value assets as its targets; it has previously targeted the Indian defense forces and military personnel. According to the researchers, the group's activity has recently surged, including the deployment of new techniques, tactics, and tools. Cisco Talos reports that the APT is now leveraging multiple new remote access Trojans (RATs) and plugins.
This particular APT also attempts to conceal its identity by copying techniques used by another APT referred to as Sidewinder, which is believed to have been behind attacks on the Pakistani military and other targets across Asia. SideCopy is now taking a page from the playbook of Transparent Tribe (APT36), which strikes at Indian government and military units and has recently focused on Afghanistan. Cisco Talos stated that the group shifted from deploying CetaRAT to four new custom Trojans and two commodity RATs, known as Lilith and Epicenter, for its attacks on the Indian government.