Sunday, December 22, 2024
Advertisement
  1. You Are At:
  2. News
  3. Technology
  4. Indian government faces cyber threat as hackers launch espionage campaign for secret documents: Details

Indian government faces cyber threat as hackers launch espionage campaign for secret documents: Details

As per the new report, the campaign was first detected in October 2023 when it was using Rust-based malware and encrypted PowerShell commands, to exfiltrate confidential documents, according to Seqrite, the enterprise arm of global cybersecurity solutions provider, Quick Heal.

Edited By: Saumya Nigam @snigam04 New Delhi Published : Jan 17, 2024 22:10 IST, Updated : Jan 17, 2024 22:10 IST
indian government, cyber threat, hacker,
Image Source : FILE Indian government faces cyber threat as hackers launch espionage campaign for secret documents

Researchers have uncovered a highly sophisticated cyber-espionage campaign -called 'Operation RusticWeb'. This operation acts as a threat actor for targeting various personnel within the Indian government to steal confidential documents. As per the new report which surfaced on Wednesday, the campaign was first detected in October 2023 - as it was using Rust-based malware and encrypted PowerShell commands, to exfiltrate confidential documents, according to Seqrite, the enterprise arm of global cybersecurity solutions provider, Quick Heal.

The researchers said, "The campaign is initiated with a phishing campaign, targeting government personnel. Threat actors have exploited both, compromised and fake domains, to host malicious payloads and decoy files, ranging from IPR forms to fake domains mimicking prestigious organisations like the Army Welfare Education Society (AWES).”

They further added, "The decoy files, designed to lure victims into the malicious web, include forms related to Defence Services Officers Provident Fund and presentations on initiatives with the Ministry of Defence.”

The hackers further exfiltrate sensitive documents via a web-based service engine, adding a layer of sophistication to their cyber-espionage tactics.

  1. The first observed infection chain which heavily relied on Rust-based payloads, with a malicious shortcut file triggering an elaborate sequence leading to the exfiltration of sensitive data.
  2. The second infection chain, observed in December 2023, deployed maldocs by using the encrypted PowerShell commands, showcasing the threat actors' versatility and adaptability, as per the report. 

The final payload of the cyber-espionage campaign is a Rust-based malware which operates as a data stealer. The researchers further state that this sophisticated malware is not only stealing the files but also collecting system information, ensuring an extensive reconnaissance capability.

The threat actors employ an anonymous public file-sharing engine, OshiUpload, for data exfiltration, avoiding the conventional use of dedicated command-and-control servers.

ALSO READ: Mark Zuckerberg to give deposition in Texas lawsuit over facial recognition

Inputs from IANS

Advertisement

Read all the Breaking News Live on indiatvnews.com and Get Latest English News & Updates from Technology

Advertisement
Advertisement
Advertisement
Advertisement