A hacking group tracked as TAG-140, which overlaps with the SideCopy collective, has targeted Indian government organizations with a modified remote access trojan (RAT) known as DRAT. The group's latest campaign spoofed the Indian Ministry of Defence through a cloned press release portal and deployed an updated build, DRAT V2, alongside a broader suite of RAT tools, showing that the group is both diversifying its tooling and widening its targeting into sectors such as railway and oil. The infection chain relies on a ClickFix-style lure, in which the victim is socially engineered into running the malicious command themselves, to deliver the malware.
TAG-140 has repeatedly iterated on both its malware arsenal and its delivery techniques, steadily expanding its capabilities and tactics.
This latest campaign, which spoofed the Indian Ministry of Defence via a cloned press release portal, marks a slight but notable shift in both malware architecture and command-and-control (C2) functionality.
The updated version of DRAT, called DRAT V2, is the latest addition to SideCopy's RAT arsenal, which includes various tools to infect Windows and Linux systems.
The infection sequence documented by Recorded Future leverages a ClickFix-style approach that spoofs the Indian Ministry of Defence's official press release portal.