#sidecopy

Read the full report on -

As cybercriminals targeted various sectors of the Indian infrastructure, including businesses and financial service firms, the country has decided to bring a section of sovereignty in the upcoming cybersecurity plan. It would not only protect Indian cyberspace against the growing APT attacks but also build up India’s cyber offensive capabilities to fight the adversaries.

While speaking about the new cyber plan at the Pursuit 2021 event, Lt. General Rajesh Pant, India’s National Cybersecurity coordinator stated that it would address the entire cyber ecosystem – cybercrimes, capacity building, audits, research, and developments. The aim is to address the gaps that have made the Indian ecosystem a major target of the adversaries and “create a safe, secure, resilient, trusted and vibrant cyberspace for our national prosperity.”

According to a report issued by the Financial Stability Board (FSB), cyber criminals have targeted security gaps at several Indian firms amid the pandemic. As workers and firms relied more on virtual private networks and unsecured WiFi access points, each of these points posed a new challenge in Indian cyberspace.

The state-led or non-state hackers have been using phishing, malware, and ransomware practices, to target individuals and firms. Rajesh Babu, managing director of Mirox India in Technopark, Thiruvananthapuram believes that in an evolving area of technology, the government should bring stringent rules and regulations to protect the individuals and data from the new kinds of APT attacks.

Hence, a national cyber strategy has been considered as the need of the hour. The cybersecurity plan to include sovereignty would set deliverables for the Indian entities while the country is working through the cyber risk management processes, incident reporting, response and recovery activities, and cloud and other third-party services.

On the other hand, the rise of non-state actors has strengthened India’s cyber offensive front. There are several APT groups keeping track of the adversary data to launch malware attacks.

SideWinder, also known as RAZOR TIGER, Rattlesnake, APT-C-17, T-APT-04, is the most active threat group that has mostly targeted Indian adversaries in South Asia. The private actor has been attacking Pakistan’s military targets since 2012. They use unique implementations to leverage the exploits of known vulnerabilities (such as CVE-2017-11882) and later deploy a Powershell payload in the final stages.

Recent news suggested that a Pakistani threat group – SideCopy is now imitating SideWinder’s infection techniques to deliver malware attacks on India. The attacks from China, Pakistan and North Korea, etc. have made it clear that India is not exempted from cyberwarfare.

Though the Indian cyber-espionage differs from the top state-sponsored threats – Russia and China, the attacks could be devastating even in the less ambitious geographic scope. It is the non-state actors that have constantly strengthened and defended India’s cyber front. Threat groups like Viceroy Tiger, Dark Basin, and APT C-35 have increased cyber-espionage activities against the adversaries, paving the way for Indian cyberwarfare.

Pant said, “The way 2021 has started, I would call it the year of ransomware.” He stated that the private actors should be equally prepared against the state-backed advanced persistent threat (APT) attacks.

Creating secure cyberspace in India has become more strenuous in the wake of persistent cyberattacks on the country. The malware attacks by adversaries have not only targeted the critical infrastructure in India but have advanced to the government and the military sector too.

As a developing country, India possesses cyber offensive and defensive capabilities that could ward off attacks from adversaries. India’s cyber offensive front has been stepped up by the private firms that have launched cyber operations against the neighbouring adversaries covertly. Lately, some of the adversaries are even copying the methods used by the Indian cyber threat groups to launch malware attacks.

One of the Pakistani threat groups called SideCopy was spotted imitating the Indian threat group SideWinder’s infection chains to deliver its own set of malware. SideCopy hackers appear to be highly motivated by the attack methods used by Indian APT groups like SideWinder that have been plaguing governments and enterprises in South Asia and East Asia since 2012. Other Indian groups that have come into the limelight for the same purpose include Dark Basin, Phronesis, Aglaya, etc.

SideWinder Advanced Persistent Threat group has been progressing in offensive cyber operations for a long time now. The firm was spotted using the Binder exploit to attack mobile devices. It proactively targeted victims that included multiple government and military units – in China, India, Nepal, and Pakistan using social-engineering techniques.

At present, SideCopy is actively copying techniques reserved for Sidewinder. Seqrite, Quick Heal’s enterprise security brand stated that the Pakistani cyber-espionage group has been active since 2019. The threat intelligence team first uncovered the spear-phishing campaigns in September 2020.

The team analysed that most of the old attacks were related to ‘Operation SideCopy’ by common IOCs. Cisco Talos, one of the networking giant’s cybersecurity divisions stated that the group has continued to launch cyber operations against the Indian government and military. They used spear-phishing email attacks each of which came with malicious file attachments—ranging from LNK files to self-extracting RAR EXEs and MSI-based installers—that installed remote access trojans (RATs) on infected systems.

SideCopy operators deployed RAT plugins that ranged from file enumerators to credential-stealers and keyloggers. The APT group’s activities posed a close resemblance to the campaigns initiated by another Pakistani threat group called APT36 (aka Mythic Leopard and Transparent Tribe), which has recently shifted its focus to Afghanistan. The Talos report has stated that the sophistication of attacks has comparatively increased and more visible in 2020 and 2021. It also reported a spike in activity by Chinese security firm – Rising.