December 22, 2023 at 08:48AM
Indian government entities and the defense sector are targeted by a phishing campaign dubbed Operation RusticWeb, dropping Rust-based malware for intelligence gathering. The attack involves Rust-based payloads, PowerShell commands, and trojans like AllaKore RAT, Ares RAT, and DRat. The group behind the campaign is linked to Pakistan and uses advanced techniques to compromise victims.
From the provided meeting notes, the key takeaways are:
– Indian government entities and the defense sector have been targeted by a phishing campaign dropping Rust-based malware for intelligence gathering.
– Tactical overlaps have been uncovered between the cluster and those widely tracked under the monikers Transparent Tribe and SideCopy, both of which are assessed to be linked to Pakistan.
– SEQRITE detailed multiple campaigns undertaken by the threat actor targeting Indian government bodies to deliver trojans such as AllaKore RAT, Ares RAT, and DRat.
– Recent attack chains documented by ThreatMon have employed social engineering techniques, decoy Microsoft PowerPoint files, and specially crafted RAR archives susceptible to CVE-2023-38831 for malware delivery.
– The SideCopy APT Group’s infection chain involves multiple steps, leveraging phishing emails, Rust-based payloads, and PowerShell scripts for enumeration and exfiltration.
– The final-stage payload of the infection chain is launched via a Rust executable that goes by the name “Cisco AnyConnect Web Helper,” and the gathered information is ultimately uploaded to the domain oshi[.]at.
– Operation RusticWeb could be linked to an APT threat as it shares similarities with various Pakistan-linked groups.
– Additionally, a malicious Android app utilized by the DoNot Team targeting individuals in the Kashmir region of India, labeled as APT-C-35, Origami Elephant, and SECTOR02, has been uncovered. This app is a trojanized version of an open-source GitHub project called “QuranApp: Read and Explore” and comes fitted with a wide range of spyware features.
These points summarize the threats outlined in the meeting notes.