Cisco Talos, the company’s threat intelligence unit, revealed on Thursday that it has uncovered a cyber attack campaign targeting Indian government employees and military personnel.
In a blog post, Cisco Talos outlines how ‘Armor Piercer’ spreads malicious documents in order to transmit Remote Access Trojans (RATs) and gain access to highly confidential information from Indian government and defence departments.
It noted “The lures used in this campaign are predominantly around operational documents pertaining to ‘Kavach’, a two-factor authentication (2FA) app operated by India’s National Informatics Centre (NIC) and used by government employees to access their emails,”
The earliest instance of this campaign, according to Cisco Talos, was noticed in December 2020, and it used malicious MS Office documents known as maldocs that were disguised as security advisories, meeting schedules, software installation guides, etc.
The campaign was discovered to be employing several strategies and has evolved to disguise itself and persist in the victim’s environment, evading standard detection techniques.
The blog pointed out that, the campaign has been running since the end of 2020 and is still going strong.
Operation Armor Piercer, according to Cisco Director Security Business (India and SAARC) Vishak Raman, is a grim reminder of the cybersecurity vulnerabilities that still exist.
He added “To ensure end-to-end security of India’s most precious assets and information, government and defence agencies must implement a layered defence strategy that enables comprehensive visibility and coverage across all endpoints, accelerates response by leveraging automation and orchestration to enrich data, and reduces massive data sets into actionable insights through AI/ML and data analytics,”
To assure foolproof protection of people and assets, he stressed that security must be incorporated into every system and process, not bolted on.