Govt Warns Officials: Pakistan-Linked Hackers Targeting Government Data via WinRAR Exploit

The Indian government has issued a critical alert warning its officials of an ongoing cyberattack campaign targeting government entities. This campaign, attributed to a Pakistan-linked threat actor, exploits a vulnerability in the widely-used file compression software, WinRAR.

The Attack and its Consequences​

The government advisory details how the group, known as SideCopy, leverages the WinRAR vulnerability to execute malicious code. This code stealthily installs Remote Access Trojans (RATs), such as AllaKore and Ares, onto the victim's system. These RATs provide attackers with extensive control over the infected device, enabling them to:

• Steal sensitive system information
• Capture screenshots and record keystrokes
• Manage file uploads and downloads
• Remotely execute commands and exfiltrate stolen data

"The payload present, which has the functionality to steal system information, keylogging take screenshots, upload and download files and take the remote access of the victim machine to send commands and upload stolen data to the C2 (command and control server)," states the government advisory.

History and Motives​

SideCopy has been active since at least 2019 and is suspected to be a Pakistani threat actor primarily focused on South Asian nations. They are notorious for targeting the Indian defense sector and entities in Afghanistan. Their modus operandi often involves phishing emails with lures related to defense news or affairs, encouraging victims to open malicious attachments that deploy the RATs.

This attack underscores the ongoing series of cyber threats faced by Indian government organizations, often perpetrated by foreign nation-state actors.

Recommendations and Precautions​

The government's advisory urges officials to take immediate action:

• Update WinRAR to the latest version to patch the exploited vulnerability.
• Identify and isolate any potentially infected systems.
• Conduct a thorough security audit of the organization's cybersecurity infrastructure.

The Need for Vigilance​

This incident highlights the critical importance of maintaining robust cybersecurity measures within government institutions. It also emphasizes the need for individuals to remain vigilant against phishing attempts and to exercise caution when handling compressed files from unknown or untrusted sources.

 

[Sandeep]

India needs to enhance its cyber protection and warfare very quickly and properly. India needs a dedicated cyber command that regularly conducts operations against Pakistan and China to hack, disrupt, slow down, send viruses or malware or anything against their government IT systems, military, banking networks, power infrastructure or any other utility companies. We should do the same against China and their businesses.