SOURCE: AFI

The Indian government has issued a cybersecurity alert warning officials about a hacking campaign targeting government entities. The attackers, believed to be linked to Pakistan, are exploiting a vulnerability in WinRAR, a popular file archive tool, to deploy malicious software.

The alert details how a Pakistan-linked cyber threat actor, known as SideCopy, is leveraging a security flaw in WinRAR. By exploiting this vulnerability, SideCopy can execute malicious code that silently installs Remote Access Trojans (RATs) on the victim’s system. These RATs, such as AllaKore and Ares, grant the attackers remote control over the infected device, enabling them to steal sensitive information.

This attack is the latest in a series of cyberattacks targeting Indian government organizations. These attacks often originate from foreign nation-state actors and typically target sensitive institutions like defense bodies. The stolen information could be used for espionage or other malicious purposes.

The Indian government has urged its officials to exercise caution when handling compressed files, particularly those received from unknown sources. It’s advisable to:

  • Update WinRAR: Ensure you have the latest version of WinRAR installed, as it likely includes a patch for the exploited vulnerability.
  • Beware of Phishing Emails: Phishing emails are a common method for distributing malicious attachments. Be cautious of emails with unexpected attachments, even if they appear to come from a trusted source.
  • Use Antivirus and Anti-Malware Software: Maintain robust security software that can detect and block malware threats.