Home/News/China-Nexus Hackers Target Indian Taxpayers With DcRAT
The Hacker News2 min read

China-Nexus Hackers Target Indian Taxpayers With DcRAT

A suspected China-nexus threat group has been observed conducting a multi-stage campaign targeting Indian taxpayers, tax professionals, and corporate finance teams. This operation, codenamed Operation DragonReturn by Seqrite Labs, aims to deploy the DcRAT (Dragonfly Command and Control Remote Access Trojan) to steal sensitive data from compromised systems. The initial attack vector involves spear-phishing emails that impersonate the Income Tax Department of India, a tactic designed to gain the trust of recipients and encourage them to download malicious attachments or links.

The campaign utilizes a fake Indian tax filing utility as a lure. Upon execution, this utility serves as a dropper for the DcRAT malware. Seqrite Labs' analysis indicates that the threat actors are sophisticated, employing techniques to evade detection and maintain persistence on victim machines. The ultimate goal is to establish a foothold for further espionage and data exfiltration, potentially impacting financial and personal information of individuals and organizations within India.

Operation DragonReturn highlights the persistent threat posed by state-sponsored or state-nexus hacking groups targeting critical sectors and government entities. The use of a seemingly legitimate government utility underscores the evolving tactics of cybercriminals to exploit trust and social engineering. Seqrite Labs has provided technical details on the malware's functionality and the campaign's infrastructure to aid in defense and attribution efforts, emphasizing the need for heightened cybersecurity awareness among Indian taxpayers and financial institutions.

Original source — read the full reporting at the publisher:

Read on The Hacker News

Read next