ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > SideCopy

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: SideCopy

NamesSideCopy (Seqrite)
CountryPakistan Pakistan
MotivationInformation theft and espionage
First seen2019
Description(Seqrite) Operation SideCopy is active from early 2019, till date.
This cyber-operation has been only targeting Indian defence forces and armed forces personnel.
Malware modules seen are constantly under development and updated modules are released after a reconnaissance of victim data.
Actors are keeping track of malware detections and updating modules when detected by AV.
Almost all CnC belongs to Contabo GmbH and server names are similar to machine names found in the Transparent Tribe report.
This threat actor is misleading the security community by copying TTPs that point at SideWinder, Rattlesnake APT group.
We suspect this threat actor has links with Transparent Tribe, APT 36 APT group.
ObservedCountries: India.
Tools usedActionRAT, Allakore RAT, CetaRAT, DetaRAT, EpicenterRAT, Lilith RAT, MargulasRAT, njRAT, ReverseRAT.
Operations performedJul 2021InSideCopy: How this APT continues to evolve its arsenal
Counter operationsAug 2021Taking Action Against Hackers in Pakistan and Syria

Last change to this card: 30 December 2022

Download this actor card in PDF or JSON format

Previous: SharpPanda
Next: SideWinder, Rattlesnake

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]