SideCopy, the Pakistan-based advanced-persistent threat (APT) group whose accounts were recently disabled by Facebook for targeting Afghanistan, has also targeted Indians — specifically defence personnel, Malwarebytes, an American Internet security company said. In a blog post titled, "SideCopy APT: Connecting lures to victims, payloads to infrastructure", Hossein Jazi, a threat intelligence analyst at Malwarebytes said that Indian defence personnel including the Indian Army and National Cadet Corps (NCC) were targeted using archive (zip) files embedded with malicious applications. These files were — Designed and crafted to target specific victims Romantic lures Through these lures, in one instance Malwarebytes was able to find that SideCopy had gained access to a machine and "collected a lot of credentials from government and education services". This was the only instance where Malwarebytes provided India-specific details in regards to what data was exfiltrated. Such cyber attacks point to an emerging trend of a country's critical infrastructure such as defence, power, and so on, being targeted. They also raise questions on the cybersecurity awareness of government and military officials. Those who read MediaNama are ahead of the curve. Support our journalism by subscribing here. Pakistani group targeted Indian defence personnel with file names such as nisha.zip Using romantic lures, which also find a mention in Facebook's announcement about banning SideCopy from the platform, the Pakistan-based APT group targeted Indian defence personnel with archive file names such as — nisha.zip: This file contain a list of images with .3d extension and a malicious Trojan application named 3Dviewer.exe,…
