Government sounds alarm over Zip files – ET CISO
Indian authorities have issued a caution to their personnel regarding a cyber threat group with ties to Pakistan. This group is exploiting a flaw in the WinRAR software to introduce trojans such as AllaKore and Ares into government networks. WinRAR is commonly used for managing compressed files; it is a file archiver utility for Windows that can create and view archives in RAR or ZIP formats.
According to a report in MoneyControl, this is the latest in a string of attacks that government organisations in India have been facing from foreign nation-state linked cyber threat actors. These threat actors typically target institutions such as defence bodies and so on to steal sensitive information.
A previous report by Moneycontrol highlighted alerts regarding cyber threat actors linked to Pakistan and China targeting Indian officials.
What are the techniques that these Pakistan-linked hackers use?
An advisory reviewed by the publication, released on April 9 by the government, revealed that the group known as SideCopy is capitalising on the WinRAR vulnerability to silently run code that installs remote access trojans (RATs) such as AllaKore or Ares.
The security advisory detailed that the deployed payload is capable of stealing system information, recording keystrokes, capturing screenshots, managing file uploads and downloads, and remotely controlling the compromised system to execute commands and relay pilfered data to a command and control (C2) server.
Active since at least 2019, SideCopy is believed to be a Pakistani group that predominantly targets South Asian nations, especially the Indian defence sector and entities in Afghanistan.
Their typical strategy involves dispatching phishing emails containing defence-related lures. These emails carry malicious attachments that, once opened, install RATs to seize control of the targeted system.
The government’s advisory also included recommendations for officials to upgrade WinRAR to its most recent version, identify and segregate infected systems from the network, and conduct a thorough security audit of their cyber security infrastructure.
WinRAR is a file archiver utility for Windows that can create and view archives in RAR or ZIP formats, and unpack many archive file formats.
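The advisory's first recommendation is to upgrade WinRAR, which starts with knowing which hosts still run an old build. The following PowerShell inventory script is an added example, not part of the advisory or the article: it locates WinRAR.exe on one or more Windows hosts (default install folders plus the Uninstall registry keys) and flags any copy whose file version is below a minimum you supply. The $MinimumVersion default is a placeholder; set it to the patched release named in the vendor's notes for this flaw.

```powershell
# Added example: inventory WinRAR installs and flag those below a minimum version.
# $MinimumVersion is a PLACEHOLDER; replace it with the fixed release from the vendor advisory.
param(
    [Version]$MinimumVersion = [Version]'0.0',
    [string[]]$ComputerName = @($env:COMPUTERNAME)
)

$inventory = {
    param([Version]$Min)
    # Default install locations; extend with any paths used in your estate.
    $candidates = @(
        "$env:ProgramFiles\WinRAR\WinRAR.exe",
        "${env:ProgramFiles(x86)}\WinRAR\WinRAR.exe"
    )
    # Uninstall keys catch installs placed in non-default directories.
    $regPaths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $entries = Get-ItemProperty -Path $regPaths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinRAR*' -and $_.InstallLocation }
    foreach ($e in $entries) {
        $candidates += (Join-Path $e.InstallLocation 'WinRAR.exe')
    }

    $hits = @()
    foreach ($exe in ($candidates | Select-Object -Unique)) {
        if (-not (Test-Path -LiteralPath $exe)) { continue }
        $vi  = (Get-Item -LiteralPath $exe).VersionInfo
        # Build a comparable Version from the numeric parts (avoids vendor-specific version strings).
        $ver = [Version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart)
        $hits += [pscustomobject]@{
            Computer     = $env:COMPUTERNAME
            Path         = $exe
            FileVersion  = $ver
            NeedsUpgrade = ($ver -lt $Min)
        }
    }
    $hits
}

# Run locally, or over WinRM for remote hosts; one row per WinRAR binary found.
$results = foreach ($c in $ComputerName) {
    if ($c -eq $env:COMPUTERNAME) { & $inventory $MinimumVersion }
    else { Invoke-Command -ComputerName $c -ScriptBlock $inventory -ArgumentList $MinimumVersion }
}
$results | Sort-Object NeedsUpgrade -Descending | Format-Table -AutoSize
```

Hosts flagged NeedsUpgrade are the ones to patch first; remote queries require WinRM and an account with local administrator rights on the targets.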