Cybercriminals attack Indian officials


Securonix researchers named this phishing campaign STEPPY#KAVACH and attributed it to the SideCopy hacker group, since these tactics and methods had been used only by that group in previous attacks.

SideCopy is a suspected Pakistani hacking group active since 2019. The group sometimes tries to pass its attacks off as SideWinder operations.

The latest attack scenario described by Securonix starts with phishing emails that lure the victim into opening an LNK file; the LNK executes an HTA payload through the mshta.exe utility. According to the researchers, the HTML application was hosted on a compromised site, inside the site's gallery directory, which is meant to store images.

The compromised site is incometaxdelhi[.]org, the official website of the Delhi Income Tax Department.

In the next step, running the HTA file executes obfuscated JavaScript code, which displays a decoy image containing an announcement from the Indian Ministry of Defence issued a year earlier, in December 2021. The JS code then downloads an executable from a remote server, establishes persistence by modifying the Windows registry, and reboots the computer so the binary runs automatically at startup.

This file functions as a backdoor: it lets the attacker execute commands received from an attacker-controlled domain, fetch and run additional payloads, take screenshots, and steal files.

In addition, the backdoor lets the attacker search for the database file (kavach.db) that the Kavach application creates on the system to store credentials.
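The chain described above (a remote HTA launched through mshta.exe, a Run-key entry written by the script host, and a forced reboot to trigger it) leaves a distinctive footprint in endpoint telemetry. The following is an added detection example written for this page; it is not code from Securonix or from the article. It assumes Sysmon-like process-creation and registry-value-set events with the field names shown, and the sample events, PIDs, paths and the example.invalid URL are all constructed for illustration.

```python
import re

# Constructed sample telemetry in a Sysmon-like shape (not real logs from the
# campaign). "process" events mirror process creation, "registry" events mirror
# a registry value being set. PIDs, SIDs, paths and URLs are invented.
SAMPLE_EVENTS = [
    {"kind": "process", "pid": 4101, "ppid": 3200, "image": r"C:\Windows\explorer.exe",
     "parent_image": r"C:\Windows\System32\userinit.exe", "cmdline": "explorer.exe"},
    # Double-clicked LNK: explorer launches mshta.exe with a remote HTA URL.
    {"kind": "process", "pid": 4202, "ppid": 4101, "image": r"C:\Windows\System32\mshta.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "mshta.exe http://example.invalid/gallery/update.hta"},
    # The script host writes a Run-key value pointing at a dropped executable.
    {"kind": "registry", "pid": 4202, "image": r"C:\Windows\System32\mshta.exe",
     "target": r"HKU\S-1-5-21-111\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "details": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    # The script host forces a reboot so the Run entry fires.
    {"kind": "process", "pid": 4303, "ppid": 4202, "image": r"C:\Windows\System32\shutdown.exe",
     "parent_image": r"C:\Windows\System32\mshta.exe", "cmdline": "shutdown.exe /r /t 0"},
    # Benign noise: a local HTA and a Run entry written by an installer.
    {"kind": "process", "pid": 5000, "ppid": 4101, "image": r"C:\Windows\System32\mshta.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r"mshta.exe C:\Program Files\Vendor\setup.hta"},
    {"kind": "registry", "pid": 6000, "image": r"C:\Program Files\Vendor\installer.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "details": r"C:\Program Files\Vendor\agent.exe"},
]

SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe"}
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
                        re.IGNORECASE)
REMOTE_URL_RE = re.compile(r"\bhttps?://", re.IGNORECASE)


def image_name(path: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return path.rsplit("\\", 1)[-1].lower()


def rule_remote_hta(ev: dict) -> bool:
    """mshta.exe started with a URL argument, i.e. an HTA fetched from a remote host."""
    return (ev["kind"] == "process"
            and image_name(ev["image"]) == "mshta.exe"
            and REMOTE_URL_RE.search(ev["cmdline"]) is not None)


def rule_run_key_by_script_host(ev: dict) -> bool:
    """A Run/RunOnce value written by a script host rather than by an installer."""
    return (ev["kind"] == "registry"
            and RUN_KEY_RE.search(ev["target"]) is not None
            and image_name(ev["image"]) in SCRIPT_HOSTS)


def rule_reboot_from_script_host(ev: dict) -> bool:
    """shutdown.exe /r spawned by a script host: forcing the new Run entry to fire."""
    return (ev["kind"] == "process"
            and image_name(ev["image"]) == "shutdown.exe"
            and "/r" in ev["cmdline"].lower().split()
            and image_name(ev["parent_image"]) in SCRIPT_HOSTS)


RULES = {
    "remote_hta_execution": rule_remote_hta,
    "run_key_persistence_by_script_host": rule_run_key_by_script_host,
    "reboot_from_script_host": rule_reboot_from_script_host,
}


def detect(events):
    """Return (rule_name, pid) for every event that matches a rule, in event order."""
    hits = []
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                hits.append((name, ev["pid"]))
    return hits


def correlate(events):
    """Group hits by the script-host process behind them; keep pids hit by >= 2 rules.

    The reboot is attributed to its parent (the script host) so that all three
    stages of the chain land on a single process id.
    """
    by_pid = {}
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                owner = ev["ppid"] if name == "reboot_from_script_host" else ev["pid"]
                by_pid.setdefault(owner, set()).add(name)
    return {pid: names for pid, names in by_pid.items() if len(names) >= 2}


if __name__ == "__main__":
    for name, pid in detect(SAMPLE_EVENTS):
        print(f"{name}: pid {pid}")
    print("high-confidence chains:", correlate(SAMPLE_EVENTS))
```

Each rule on its own will fire on some legitimate activity (local HTA installers, vendor agents registering Run entries), which is why `correlate` only escalates a process that trips at least two of the three stages; in the sample data the benign mshta.exe and installer events produce no hits, while the script host that pulled a remote HTA, wrote a Run value and forced a reboot is flagged as one chain.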

    Author DeepWeb
