TAG-140 Deploys DRAT V2 RAT, Targeting Indian Government, Defense, and Rail Sectors

This article discusses the activities of the threat actor TAG-140, associated with SideCopy and Transparent Tribe, targeting Indian government and critical infrastructure sectors using sophisticated RAT variants like DRAT V2. It highlights evolving malware tactics, including spoofing websites, modular tools, and the use of advanced phishing campaigns to maintain operational flexibility and evade detection.

Key points

  • TAG-140 leverages a modified RAT called DRAT V2 for targeting Indian government organizations.
  • The attack campaign includes spoofing official Indian Ministry of Defence websites to deploy malware.
  • DRAT V2 features improved command execution, obfuscation, and persistence methods, but is relatively easy to detect.
  • Other threat groups like APT36 and Confucius are actively deploying malware such as Ares RAT, DISGOMOJI, WooperStealer, and Anondoor.
  • These campaigns demonstrate a shift towards modular, adaptable malware tools to enhance stealth and operational success.

Read More: https://thehackernews.com/2025/07/tag-140-deploys-drat-v2-rat-targeting.html