Tag: india

10 Attack Reports | 0 Vulnerabilities

Attack reports

TURNING AID INTO ATTACK: EXPLOITATION OF PAKISTAN’S YOUTH LAPTOP SCHEME TO TARGET INDIA

A Pakistan-based APT group, assessed with medium confidence as APT36, who created a fake IndiaPost website to target and infect both Windows and Android users.
python
android
windows
crimson rat
pakistan
india
defense
rust
discord
clickfix
apt36
2025-03-27
html code
india post
bootreceiver
mywire
Published: March 27, 2025
Downloadable IOCs: 5

PrintSteal: Exposing unauthorized CSC-Impersonating Websites Engaging in Large-Scale KYC Document Generation Fraud

This investigation uncovers a massive criminal operation known as 'PrintSteal' that generates and distributes fake Indian KYC documents. The scheme involves over 1,800 fraudulent domains impersonating government websites, with at least 2,727 registered operators on one platform alone. Over 167,000 …
india
identity theft
government impersonation
2025-03-06
api abuse
financial crime
document forgery
kyc fraud
Published: March 6, 2025
Downloadable IOCs: 9

SPYLEND: The Android App Available on Google Play Store: Enabling Financial Cyber Crime & Extortion

A sophisticated Android malware called SpyLend, disguised as a 'Finance Simplified' app, is targeting Indian users through the Google Play Store. The app leverages location-based targeting to display unauthorized loan applications, enabling predatory lending, blackmail, and extortion. It has rapidl…
malware
android
data theft
extortion
india
financial
2025-02-22
google play store
spylend
loan apps
Published: February 22, 2025
Downloadable IOCs: 0

XELERA Ransomware Campaign: Fake Food Corporation of India Job Offers Targeting Tech Aspirants

A newly discovered ransomware campaign is targeting tech job aspirants in India using fake Food Corporation of India job offers. The XELERA ransomware, written in Python and packed with PyInstaller, is distributed through spear-phishing emails containing malicious Word documents. The infection chai…
ransomware
india
spear-phishing
pyinstaller
2025-02-12
job offer
tech sector
discord bot
xelera
memz
Published: February 12, 2025
Downloadable IOCs: 4

OSINT Investigation: Hunting Malicious Infrastructure Linked to Transparent Tribe

This investigation tracked infrastructure linked to the APT group Transparent Tribe, identifying 15 malicious hosts on DigitalOcean serving as command-and-control servers for the Mythic exploitation framework. The group employs Linux desktop entry files as an attack vector, targeting individuals in…
linux
india
c2
poseidon
mythic
2024-09-30
apt36
desktop entry
osint
digitalocean
jarm
Published: September 30, 2024
Downloadable IOCs: 19

Major Payment Disruption: Ransomware Strikes Indian Banking Infrastructure

CloudSEK's threat research team uncovered a ransomware attack impacting banks and payment providers in India. The attack, initiated through a compromised Jenkins server at Brontoo Technology Solutions, is attributed to the RansomEXX ransomware group. This sophisticated threat actor employs tactics …
ransomware
vulnerability
india
banking
2024-08-20
jenkins
ransomexx
CVE-2024-23897
Published: August 20, 2024
Linked vulnerabilities : CVE-2024-23897
Downloadable IOCs: 18

Umbrella of Pakistani Threats: Converging Tactics of Cyber-operations Targeting India

This report examines the convergence of tactics employed by Pakistani cyber threat groups, including Transparent Tribe, SideCopy, and RusticWeb, targeting Indian government entities and critical infrastructure. It uncovers overlaps in their infrastructure, tactics, and payloads, suggesting coordina…
apt
espionage
crimson rat
pakistan
action rat
reverse rat
india
disgomoji
2024-07-29
poseidon
geta rat
Published: July 29, 2024
Downloadable IOCs: 89

DISGOMOJI Malware Used to Target Indian Government

Volexity identified a cyber-espionage campaign by a suspected Pakistan-based threat actor tracked as UTA0137 targeting government entities in India. The campaign leveraged the DISGOMOJI malware, a Golang-based Linux trojan that uses Discord for command and control via emojis. Key capabilities inclu…
linux
espionage
india
discord
2024-06-18
golang
privilege escalation
disgomoji
CVE-2022-0847
Published: June 18, 2024
Linked vulnerabilities : CVE-2024-3400, CVE-2022-0847
Downloadable IOCs: 149

The Overlapping Cyber Strategies Of Transparent Tribe And SideCopy Against India

CRIL's analysis revealed SideCopy APT group's sophisticated malware campaign, employing malicious LNK files and a complex infection chain involving HTAs and loader DLLs to deploy malware like ReverseRAT and Action RAT. SideCopy targets Indian universities and government entities, suggesting potenti…
malware
apt
rat
action rat
india
infection chain
2024-05-15
2024-05-10
reverserat
Published: May 15, 2024
Downloadable IOCs: 21

New Pakistan-based Cyber Espionage Group’s Year-Long Campaign Targeting Indian Defense Forces with Android Malware

CYFIRMA researchers identified an Android malware campaign, active for over a year, targeting Indian defense personnel by an unidentified Pakistan-based cyber espionage group. The threat actor utilized Spynote or a modified version called Craxs Rat, obfuscating the app with high complexity. Through…
malware
espionage
android
pakistan
2024-05-03
2024-05-04
2024-05-05
2024-05-06
india
spynote
defense
craxs rat
Published: May 6, 2024
Downloadable IOCs: 3
Click here to see more Attack Reports