A recent study by Secureonix found that threat actors were targeting the government’s email system, Kavach. It is reportedly said that this attack was similar to methods used by SideCopy, a threat actor attributed to Pakistan. Kavach is a 2-factor authentication system that was implemented last year to strengthen the government’s email infrastructure.
According to Secureonix, the first stage of the process included a phishing campaign. When a government official clicks a link in one of the phishing emails, .LNK files (attached to those emails) would execute code, resulting in the execution of a remote access trojan.
The cybersecurity firm said, “Like with many attacks we see today, the initial infection begins with a phishing email containing a compressed file attachment (11222022.zip). When opened by the user, the file contains a single shortcut file designed to trick the user into opening it. The email’s shortcut file appears to be a harmless image file from websites such as Income Tax Delhi. “The purpose of the shortcut file is to appear simply as ‘scanimg.png’ to the user, thus tempting them into thinking they are opening a harmless image file.”
This is not the first time Kavach has been targeted. Talos Intelligence discovered that SideCopy/Transparent Tribe targeted Kavach by deceiving government officials into installing malware that posed as an installer or updater for Kavach.
Talos Intelligence said, “This campaign, which has been ongoing since at least June 2021, uses fake domains mimicking legitimate government and related organizations to deliver malicious payloads, a common Transparent tribe tactic.”
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.