Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT
Briefly

In December 2024, the Pakistan-linked threat actor SideCopy was observed targeting Indian sectors, including railway and oil, with malware such as CurlBack RAT and Xeno RAT. This expansion marks a notable shift in focus beyond the group's traditional targets. Its tactics have also evolved from HTA files to MSI packages, as highlighted by researcher Sathwik Ram Prakki. SideCopy appears to be a subgroup of Transparent Tribe and keeps adding new payloads to steal sensitive data, indicating significant growth in its operational capabilities.
APT36 focuses mainly on Linux systems, whereas SideCopy targets Windows systems and keeps adding new payloads to its arsenal, demonstrating the continued evolution of these threat actors.
One notable shift in recent campaigns is the transition from using HTML Application (HTA) files to adopting Microsoft Installer (MSI) packages as a primary staging mechanism.
Read at The Hacker News