Updated Pakistani Trojan ReverseRAT targets Indian government agencies

Security company ThreatMon has discovered a spear-phishing campaign targeting government agencies in India that leads to the deployment of an updated version of the ReverseRAT trojan. ThreatMon experts attributed this activity to the SideCopy group.

SideCopy is a Pakistani hacker group that overlaps with another threat actor, Transparent Tribe. It is so named because it mimics SideWinder's infection chains to deliver its own malware. SideCopy was first seen in 2021, deploying ReverseRAT in attacks against governments and energy companies in India and Afghanistan.

The detected SideCopy campaign revolves around Kavach, the two-factor authentication program used by Indian civil servants. The infection chain begins with a phishing email carrying a macro-enabled Word document ("Cyber Advisory 2023.docm").

The file mimics an advisory from India's Ministry of Communications on threats to Android devices and how to respond to them ("Android Threats and Prevention"); much of its content was copied from the Ministry's actual warning.

Once the file is opened and macros are enabled, malicious code runs and deploys ReverseRAT on the compromised system. After establishing persistence, ReverseRAT enumerates the victim's devices, collects data, encrypts it with RC4, and sends it to the command and control server (C2, C&C). The backdoor then waits for commands to execute on the target machine; its features include taking screenshots, downloading and executing files, and exfiltrating files to the C2 server.
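As an added defensive example (not code from the article or from ThreatMon), the Python check below triages an OOXML Word document for the two markers a macro-enabled lure like the .docm above carries: a word/vbaProject.bin part and the macroEnabled main content type. The sample packages are constructed in memory so the check runs offline.

```python
import io
import zipfile

MACRO_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML package shaped like a .docm/.docx (not a real lure)."""
    main_ct = MACRO_CT if with_macro else PLAIN_CT
    vba_override = (
        '<Override PartName="/word/vbaProject.bin" '
        'ContentType="application/vnd.ms-office.vbaProject"/>'
        if with_macro else ""
    )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        f"{vba_override}</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Stub OLE container: real vbaProject.bin parts start with this magic.
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
    return buf.getvalue()


def triage_docx(data: bytes) -> dict:
    """Inspect an OOXML package for macro markers without opening it in Word."""
    findings = {"is_zip": False, "vba_project": False, "macro_content_type": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings  # not OOXML at all (legacy .doc or unrelated file)
    findings["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        # Part name match is case-insensitive: Word tolerates mixed case here.
        findings["vba_project"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        if "[Content_Types].xml" in names:
            ct = z.read("[Content_Types].xml").decode("utf-8", "replace")
            findings["macro_content_type"] = MACRO_CT in ct or "vbaProject" in ct
    return findings


def has_macros(data: bytes) -> bool:
    """True if either marker is present; both are checked since one may be stripped."""
    f = triage_docx(data)
    return f["vba_project"] or f["macro_content_type"]
```

A mail gateway or sandbox pre-filter can run this on attachments to route macro-bearing documents to deeper analysis regardless of the file extension they arrive with.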

The ReverseRAT backdoor was first discovered in 2021 by Black Lotus Labs, whose experts explained at the time that the Trojan's operators were targeting government and energy organizations in South and Central Asia.

Since 2020, SideWinder, with which the SideCopy group is affiliated, has carried out a streak of 1,000 attacks using increasingly sophisticated cyberattack techniques. In 2022, Kaspersky Lab described SideWinder's targets: the military and law enforcement agencies of Pakistan, Bangladesh and other South Asian countries. The group is believed to be associated with the government of India, but Kaspersky Lab states that it is not affiliated with any country.

Author DeepWeb