ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > SideCopy

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: SideCopy

NamesSideCopy (Seqrite)
CountryPakistan Pakistan
MotivationInformation theft and espionage
First seen2019
Description(Seqrite) Operation SideCopy is active from early 2019, till date.
This cyber-operation has been only targeting Indian defence forces and armed forces personnel.
Malware modules seen are constantly under development and updated modules are released after a reconnaissance of victim data.
Actors are keeping track of malware detections and updating modules when detected by AV.
Almost all CnC belongs to Contabo GmbH and server names are similar to machine names found in the Transparent Tribe report.
This threat actor is misleading the security community by copying TTPs that point at SideWinder, Rattlesnake APT group.
We suspect this threat actor has links with Transparent Tribe, APT 36 APT group.
ObservedCountries: India.
Tools usedActionRAT, Allakore RAT, CetaRAT, DetaRAT, EpicenterRAT, Lilith RAT, MargulasRAT, njRAT, ReverseRAT.
Operations performedJul 2021InSideCopy: How this APT continues to evolve its arsenal
<https://s3.amazonaws.com/talos-intelligence-site/production/document_files/files/000/095/591/original/062521_SideCopy_%281%29.pdf?1625657388>
Information<https://www.seqrite.com/blog/operation-sidecopy/>

Last change to this card: 08 August 2021

Download this actor card in PDF or JSON format

Previous: SharpPanda
Next: SideWinder, Rattlesnake

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key