
India warns govt officials of Pakistan-linked threat actor exploiting WinRAR vulnerability to steal sensitive info

In an advisory, the Union govt recommended that officials identify systems that have been infected by this threat actor and isolate them from the network

May 02, 2024 / 10:23 IST
This is the latest in a string of cyber attacks that Indian government bodies have faced

The Indian government has warned its officials that a Pakistan-linked cyber threat actor is leveraging a security vulnerability in WinRAR to deliver trojans such as AllaKore and Ares to government entities. WinRAR is used for accessing zip files.

This is the latest in a string of attacks that government organisations in India have been facing from cyber threat actors linked to foreign nation-states. These threat actors typically target institutions such as defence bodies to steal sensitive information.

Moneycontrol had previously reported how the government had warned officials of Pakistan and China-linked threat actors targeting officials.

The recent advisory, a copy of which Moneycontrol has reviewed, was issued by the government on April 9. It said that SideCopy, a Pakistan-linked cyber threat actor, was leveraging the vulnerability in WinRAR to execute code that quietly deploys remote access trojans (RATs) such as AllaKore or Ares.

"The payload present, which has the functionality to steal system information, keylogging, take screenshots, upload and download files and take the remote access of the victim machine to send commands and upload stolen data to the C2 (command and control server)," the advisory said.

SideCopy is a cyber threat actor group that has been active since at least 2019. They are believed to be Pakistani and primarily target countries in South Asia, particularly India's defense sector and Afghanistan.

Their modus operandi includes sending phishing emails with lures related to defense news or affairs. These emails contain malicious attachments that deploy RATs to gain control of the victim's machine.

In the advisory, the government advised officials to update WinRAR to the latest version, identify infected systems and isolate those systems from the network. Additionally, it recommended that institutions undertake a security audit of the organisation's cyber security infrastructure.

Aihik Sur covers tech policy, drones, space tech among other beats at Moneycontrol
first published: May 2, 2024 10:23 am
