As India prepares for the last phase of polling, cybersecurity experts have unearthed cyber attacks from across the border, targeting crucial Indian government and military entities.

Seqrite, the enterprise arm of Quick Heal Technologies, has said there was an alarming escalation in cyberattacks orchestrated by Pakistan-linked advanced persistent threat (APT) groups.

At the forefront of these attacks is SideCopy, a Pakistan-based APT group that has persistently targeted South Asian countries, with a focus on compromising Indian defence and government organisations since at least 2019.

APT attacks are carefully planned and designed to penetrate target organisations, evading existing security measures.

Seqrite said it detected three distinct campaigns launched by this group, each characterised by deploying two instances of the AllaKore remote access trojan (RAT) as the final malicious payload.


Similarly, Transparent Tribe (APT36), the parent group of SideCopy, has been relentlessly using advanced variants of the Crimson RAT, a .NET-based remote access tool built for extensive system control and persistent access. Transparent Tribe has consistently targeted India since its emergence in 2013.

“The intensifying cyberattack campaigns spearheaded by these Pakistani APT groups represent a severe and escalating threat to our national security, especially in light of the ongoing general elections,” a Seqrite report said.

“This necessitates a coordinated and proactive cybersecurity posture across all critical infrastructure to safeguard the integrity of our democratic processes,” it said.

Modus operandi

The infection chains commence with carefully crafted spear-phishing emails delivering malicious attachments or links that exploit vulnerabilities to gain initial footholds within target networks. “Once compromised, these entry points are then leveraged to deploy an array of malware payloads, including the AllaKore and Crimson RATs, granting the attackers extensive remote control and unfettered access to infected systems,” it said.

The persistent targeting of Indian government and defence entities by Pakistani APT groups is not a new phenomenon.

“However, the recent surge in attack volumes and the escalating sophistication of the adversaries’ TTPs (Tactics, Techniques and Procedures), particularly in the run-up to the general elections, represent a substantial escalation in the evolving cyber threat landscape,” it said.


Seqrite strongly advises organisations, especially those involved in the electoral process, to implement robust cybersecurity measures as an immediate priority.

“This includes ensuring regular software updates, deploying advanced email filtering and web security solutions and conducting comprehensive security awareness training to educate employees on identifying and mitigating social engineering tactics,” Seqrite said.

It also recommends adopting multi-factor authentication, conducting regular security assessments and penetration testing exercises, and establishing comprehensive incident response plans to minimise the potential impact of successful breaches.