Operation Armor Piercer

Description

(Talos) Cisco Talos recently discovered a malicious campaign targeting government employees and military personnel in the Indian sub-continent with two commercial and commodity RAT families known as NetwireRAT (aka NetwireRC) and WarzoneRAT (aka Ave Maria). The attackers delivered a variety of lures to their targets, predominantly posing as guides related to Indian governmental infrastructure and operations such as Kavach and I.T.-related guides in the form of malicious Microsoft Office documents (maldocs) and archives (RARs, ZIPs) containing loaders for the RATs.

Some of these lures and tactics utilized by the attackers bear a strong resemblance to the Transparent Tribe, APT 36 and SideCopy APT groups, including the use of compromised websites and fake domains.

Names

Name | Name-Giver
Operation Armor Piercer | Talos

Country

Motivation

  • Information theft and espionage

First Seen

2020

Observed Sectors

Observed Countries

Tools

Information

Other Information

Uuid

34414312-e2a7-4c61-85fa-38fdf139bac0

Last Card Change

2021-11-02