This is the third time that Team Cymru has noticed SideCopy’s use of DRDO-related decoys for malware distribution.
The other two times they’ve seen this tactic used by the company, in March 2023 and again last month.
Interestingly, both attacks chains have been observed to load and execute both the Action RAT and an open source remote access trojan called AllaKore RAT.
From their analysis, they’ve also found that 18 distinct victims in India have been detected as connecting to C2 servers associated with Action Rat and 236 unique victims across India.
Of these, 190 of them are Indian citizens.
It turns out that most of these victims are men coming from Pakistan, which makes sense since SideCopy originates from there.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply