Hackers targeting Indian govt via cyber-espionage campaign to steal secret docs: Report

Date:

Share post:

spot_imgspot_img

Shillong, January 17: Researchers have uncovered a highly sophisticated cyber-espionage campaign — ‘Operation RusticWeb’, which the threat actors are using to target various personnel within the Indian government to steal confidential documents, a new report said on Wednesday.

The campaign, first detected in October 2023, uses Rust-based malware and encrypted PowerShell commands, to exfiltrate confidential documents, according to Seqrite, the enterprise arm of global cybersecurity solutions provider, Quick Heal.

“The campaign is initiated with a phishing campaign, targeting government personnel. Threat actors have exploited both, compromised and fake domains, to host malicious payloads and decoy files, ranging from IPR forms to fake domains mimicking prestigious organisations like the Army Welfare Education Society (AWES),” the researchers said.

“The decoy files, designed to lure victims into the malicious web, include forms related to Defence Services Officers Provident Fund and presentations on initiatives with the Ministry of Defence,” they added.

The hackers exfiltrate sensitive documents via a web-based service engine, adding a layer of sophistication to their cyber-espionage tactics.

The first observed infection chain heavily relied on Rust-based payloads, with a malicious shortcut file triggering an elaborate sequence leading to the exfiltration of sensitive data.

The second infection chain, observed in December, deployed maldocs using encrypted PowerShell commands, showcasing the threat actors’ versatility and adaptability, according to the report. The final payload of the cyber-espionage campaign is a Rust-based malware that operates as a data stealer.

As per the researchers, this sophisticated malware not only steals files but also collects system information, ensuring an extensive reconnaissance capability.

The threat actors employ an anonymous public file-sharing engine, OshiUpload, for data exfiltration, avoiding the conventional use of dedicated command-and-control servers. (IANS)

spot_imgspot_img

Related articles

BJP, MDA-ko tol·e ku·rachaka ine matnana

GHADC-ni tangkako watchina mol·mola SHILLONG: Garo Hills Autonomous District Council (GHADC)-o kam ka·enggiparangni dormahako on·anio somoi ru·utaniara a·dokni manderangko...

Sohiong CM Connect Centre-ko CM opraka

SHILLONG: Chief Minister Conrad K. Sangma Sonibar salo Sohiong C&RD Block-o CM Connect Centre-ko oprakaha aro tangka kror...

Meghalaya-o medical seat-rang komia

SHILLONG: Chu·sokgipa candidate-rang bang·genchimoba Meghalaya-o National Eligibility-cum-Entrance Test (NEET) UG 2026-na porikka segiparang pangna name dakenga indiba a·dok...

Sorkari office ning·o torom nokrangko rikna nangja: Charles Pyngrope

SHILLONG: Sorkari office-rangko toromni gita niamrangko tarie ja·rikna nangja aro manderangni namgnina kam ka·gipa biaprangko olakichakram biap dakatna...