APT SideCopy Targeting Indian Government Entities

The Forrester Wave™: Managed Detection and Response, Q2 2023

APT SideCopy Targeting Indian Government Entities

SideCopy, a Pakistani threat group, targeted Indian Government Entities using a spear-phishing email containing a macro-enabled Word document. If the recipient opens the document and enables macros, it triggers the execution of malicious code, allowing SideCopy to gain initial access. The malware used is a new version of ReverseRAT, which has enhanced obfuscation and sleep calls to avoid detection.
Once ReverseRAT gains persistence, it enumerates the victim's device, collects data, encrypts it using RC4, and sends it to the Command and Control (C2) server. It waits for commands to execute on the target machine, and some of its functions include taking screenshots, downloading and executing files, and uploading files to the C2 server.

ThreatMon Free Trial

Download Download Here

Start Your Free Trial Now!

The free trial of ThreatMon allows users to explore the product's security benefits. During this trial period, you can test Threat Intelligence data, detect threats to your organization and recommend security measures.

Start Free Trial