The campaign, dubbed as 'Operation Sidecopy' utilizes a remote access malware that can heighten its privilege in undermined systems, and thus, easily steal data by infiltrating a computer.
Cyber Security researchers at Seqrite, the cyber security solutions arm of Quick Heal, believe that the main tools utilized in Operation Sidecopy shows the association of Transparent Tribe which Seqrite believes is being backed by China to accumulate insight against India.
One of the main characteristics that Seqrite believes can be associated with Pakistan's Transparent Tribe is the remote server facilitating that the 'collective uses'.
As per researchers Kalpesh Mantri, Pawan Chaudhari and Goutam Tripathy at Seqrite, Operation Sidecopy utilizes Contabo GmbH to 'host' the remote server through which the malware is instructed and information inflow is controlled, which Transparent Tribe is accounted for to have done already.
Himanshu Dubey, director of Quick Heal Security Labs, affirmed that alongside the Operation Sidecopy cyber attacks are highly targeted towards India in nature and have been continuously observed since 2019.
'Till now, this attack has been only seen targeting India.The Tactics, Techniques and Procedures (TTPs), as well as Decoy documents that we analysed, were crafted specifically in Indian context,” he says.
Clarifying the Pakistan and China connection in the series of cyber attacks taken note of, Quick Heal's Dubey says, “We have considered several factors such as infrastructure used for command servers, registered domain naming patterns and recently created domains, ..