Quick Heal unit Seqrite reports cyber threat to PSUs from Pak APT group

Quick Heal Technologies said that its enterprise arm Seqrite has reported that a suspected Pakistani advanced persistent threat (APT) group has been threatening critical infrastructure of Indian public sector undertakings (PSUs).

Seqrite researchers had uncovered the operations of Operation SideCopy for the first time last year. Since then, the enterprise cybersecurity provider is said to have encountered a new wave of cyber espionage campaign by the attackers against high profile targets from critical infrastructure PSUs from power, telecom, and finance sectors.

Last October 2020, Seqrite published a report regarding Operation SideCopy APT targeting Indian defence units. The company’s new finding has shown that Operation SideCopy has enlarged its target list to critical infrastructure.

As part of its investigation, Seqrite found possible links between Operation SideCopy and its operators to Pakistan.

Quick Heal Technologies unit Seqrite reports cyber threat to PSUs from Pak APT group. Photo courtesy of Tumisu from Pixabay.

Seqrite stated: “Threat actors were leveraging compromised websites, which resemble the websites that the targeted organizations would generally access. This shows that attackers did detailed reconnaissance before launching the attack campaign.

“Upon thorough analysis of the attack chain, the command-and-control (C2) server communication, and the available telemetry data, researchers at Seqrite could identify some compromised websites that are being used to host the attack scripts and act as C2 servers.”

Seqrite said that its researchers proactively notified the Indian government authorities about the development and are working with them to safeguard the potential targets.

Last month, the Quick Heal Technologies’ enterprise arm launched Seqrite Hawkk, a suite of cybersecurity solutions for helping enterprises to secure their digital transformation journey.