TAG-140 Group Targets Indian Government with New DRAT V2 Malware

A hacking group known as TAG-140, which has ties beyond Pakistan, has been detected targeting Indian government organizations using a modified version of a remote access trojan (RAT) named DRAT V2. The attacks, documented by Recorded Future's Insikt Group, illustrate the ongoing threat faced by Indian governmental entities, including the defense and railway sectors. The latest campaign reportedly spoofs the Indian Ministry of Defence through a counterfeit press release portal.

Recorded Future’s analysis noted that TAG-140 demonstrates significant evolution in its malware arsenal and operational techniques, suggesting a high level of sophistication in its methodologies. The cloning of official channels to execute these attacks underscores the adversary’s strategic approach to compromising sensitive systems while complicating detection and attribution efforts. Such tactics are increasingly prevalent among cybercriminal networks targeting high-value institutions.

In a multi-stage infection sequence, users are directed to a malicious link that initiates the deployment of DRAT V2, a RAT that has reportedly evolved to offer improved command-and-control functionality. The updated malware raises the risk to targeted organizations by adding commands for arbitrary shell execution and by obfuscating its communications to evade detection.

As attacks from TAG-140 broaden their focus to include not only defense services but also oil and gas and external affairs ministries, the potential for significant geopolitical ramifications rises. The growing agility of this threat actor reflects a concerning trend in cyber warfare, with attackers employing modular RATs like DRAT V2 for persistent access and control over compromised systems, continuing to threaten national security.

This situation calls for heightened vigilance and proactive measures against such cyber incursions, especially given the group’s history dating back to at least 2019. As organizations brace for the ongoing challenges of cyber threats, the need for robust cybersecurity frameworks becomes ever more pressing.

For further details on the evolving nature of these threats, see Recorded Future's analysis. To understand the earlier campaigns linked to this group, consult the reports on SideCopy and the other tools leveraged by TAG-140. Similar attack vectors have been reported by security teams across numerous sectors, reflecting a global pattern of cyber espionage.