Amidst heightened concerns over potential interference in India’s upcoming general elections, Seqrite, the enterprise arm of global cybersecurity solutions provider, Quick Heal Technologies Limited, has uncovered an alarming escalation in cyberattacks orchestrated by Pakistan-linked advanced persistent threat (APT) groups targeting crucial Indian government and military entities. Seqrite’s elite APT research team has been meticulously monitoring these malicious campaigns, unveiling critical insights into the ever-evolving tactics, techniques, and procedures (TTPs) employed by the adversaries.
At the forefront of these attacks is SideCopy, a formidable Pakistan-based APT group that has persistently targeted South Asian countries, with a laser focus on compromising Indian defense and government organisations since at least 2019. In recent weeks alone, Seqrite has detected three distinct campaigns launched by this group, each characterized by the deployment of two instances of the AllaKore remote access trojan (RAT) as the final malicious payload.
Simultaneously, Transparent Tribe (APT36), SideCopy’s overarching parent APT entity, has been relentlessly utilizing advanced variants of the Crimson RAT, a sophisticated .NET-based remote access tool designed for extensive system control and persistent access. Transparent Tribe has consistently targeted India since its emergence in 2013.
The intensifying cyberattack campaigns spearheaded by these Pakistani APT groups represent a severe and escalating threat to our national security, especially in light of the ongoing general elections. Seqrite’s findings not only expose the cutting-edge offensive tactics being leveraged by the adversaries but also unveil the deep-rooted connections between different threat groups. This necessitates a coordinated and proactive cybersecurity posture across all critical infrastructure to safeguard the integrity of our democratic processes.
The infection chains dissected by Seqrite typically commence with carefully crafted spear-phishing emails delivering malicious attachments or links that exploit vulnerabilities to gain initial footholds within target networks. Once compromised, these entry points are then leveraged to deploy an array of malware payloads, including the AllaKore and Crimson RATs, granting the attackers extensive remote control and unfettered access to infected systems.
Through its comprehensive analysis, Seqrite has uncovered significant code overlaps and shared infrastructure between SideCopy and Transparent Tribe, further reinforcing the direct connection between these groups. The research also exposed APT36’s adoption of obfuscation techniques like .NET Reactor to enhance the evasiveness and persistence of their malware implants.
The persistent targeting of Indian government and defense entities by Pakistani APT groups is not a new phenomenon. However, the recent surge in attack volumes and the escalating sophistication of the adversaries’ TTPs, particularly in the run-up to the general elections, represent a substantial escalation in the evolving cyber threat landscape faced by the nation.
Seqrite strongly advises organisations, especially those involved in the electoral process, to implement robust cybersecurity measures as an immediate priority. This includes ensuring regular software updates, deploying advanced email filtering and web security solutions, and conducting comprehensive security awareness training to educate employees on identifying and mitigating social engineering tactics. Furthermore, Seqrite recommends adopting multi-factor authentication mechanisms, conducting regular security assessments and penetration testing exercises, and establishing comprehensive incident response plans to minimize the potential impact of successful breaches.
For an in-depth analysis of the recent infection chains, decoy documents, malware payloads, and IoCs associated with SideCopy and Transparent Tribe’s campaigns, please refer to Seqrite’s detailed threat research whitepaper available at https://www.seqrite.com/blog/pakistani-apts-escalate-attacks-on-indian-gov-seqrite-labs-unveils-threats-and-connections/
About Seqrite
Seqrite is a leading enterprise cybersecurity solutions provider. With a focus on simplifying cybersecurity, Seqrite delivers comprehensive solutions and services through our patented, AI/ML-powered tech stack to protect businesses against the latest threats by securing devices, applications, networks, cloud, data, and identity. Seqrite is the Enterprise arm of the global cybersecurity brand, Quick Heal Technologies Limited, the only listed cybersecurity products and solutions company in India.
We are the first and only Indian company to have solidified India’s position on the global map by collaborating with the Govt. of the USA on its NIST NCCoE’s Data Classification project. We are differentiated by our easy-to-deploy, seamless-to-integrate, comprehensive solutions, which provide the highest level of protection against emerging and sophisticated threats, powered by state-of-the-art threat intelligence and playbooks, and backed by world-class service from best-in-class security experts at India’s largest malware analysis lab, Seqrite Labs. We are the only Indian full-stack company aligned with CSMA architecture recommendations, offering award-winning Endpoint Protection, Enterprise Mobility Management, Zero Trust Network Access, and many more. Seqrite’s Data Privacy Management solution enables organizations to stay fully compliant with the DPDP Act and global regulations.
Today, 30,000+ enterprises in more than 76 countries trust Seqrite with their cybersecurity needs.