Operation RusticWeb
Description
(Seqrite) SEQRITE Labs APT-Team has uncovered a phishing campaign targeting various Indian government personnel since October 2023. We have also identified targeting of both government and private entities in the defence sector over December. New Rust-based payloads and encrypted PowerShell commands have been utilized to exfiltrate confidential documents to a web-based service engine, instead of a dedicated command-and-control (C2) server. While actively modifying its arsenal, it has also used fake domains to host malicious payloads and decoy files.
This campaign is tracked as Operation RusticWeb, where multiple TTPs overlap with Pakistan-linked APT groups – Transparent Tribe, APT 36 and SideCopy. It also has similarities with the Operation Armor Piercer report released by Cisco in 2021, and the targeting with the ESSA scholarship form of AWES was observed by our team back in the same year.
Names
| Name | Name-Giver |
|---|---|
| Operation RusticWeb | Seqrite |
Country
Motivation
- Information theft and espionage
First Seen
2023
Observed Sectors
Observed Countries
Information
Other Information
Uuid
04d557ae-7b7a-4aa2-9484-340b00a7ce08
Last Card Change
2024-01-16