Cisco's threat intelligence unit has discovered a malicious campaign targeting government employees and military personnel in India.
The cyber-attack campaign used malicious Microsoft Office documents (maldocs) and malicious archives to gain access to confidential information related to government and defence agencies.
According to the unit, the earliest instance of this campaign was observed in December 2020, and the campaign continues to operate today. The content of the maldocs ranged from security advisories to meeting schedules to software installation notes.
The lures used in the campaign were primarily around documents related to the Government of India’s Kavach application. It is a two-factor authentication (2FA) application used by government employees to access their emails.
The attackers relied on compromised websites and fake domains to carry out their campaign.
Cisco said the campaign focussed on compromising quasi-military or government-related websites to host malicious payloads. This could have been done to appear legitimate to victims and analysts.