National Computer Emergency Response Team has issued a cybersecurity advisory warning government offices and high-profile organizations about a sophisticated cybercrime campaign. Believed to be orchestrated by the Sidewinder APT group, the campaign utilizes phishing tactics to infiltrate systems and pilfer sensitive data.
According to NCERT, the campaign deploys a range of strategies including spear phishing via clickable URLs embedded in PDF documents. It exploits client applications for execution, evades detection through techniques like masquerading and file concealment, and gains access to credentials through OS credential dumping and web session cookie theft.
The cyber attackers gather system information through registry queries and local file searches, utilizing encrypted communication channels for command and control. The impact is severe, disrupting system availability and network resources through data destruction.
To mitigate these risks, NCERT advises government bodies to implement advanced email filtering solutions capable of detecting and quarantining suspicious attachments and URLs. They recommend using email authentication mechanisms like SPF, DKIM, and DMARC to verify incoming emails and prevent domain spoofing.
Further security measures include restricting the execution of macros and scripts within office documents, employing sandboxing and static analysis tools for suspicious file examination, and enhancing PDF security with digital signatures and encryption to prevent unauthorized access.
Additionally, NCERT suggests deploying endpoint detection and response (EDR) solutions to thwart malicious activities at the endpoint level and implementing application control measures to restrict untrusted executable files.
Integration of threat intelligence feeds into security systems is recommended to proactively identify indicators of compromise linked to known APT groups. This approach allows for early detection and response to emerging cyber threats, safeguarding government systems and sensitive data.
NCERT emphasizes the importance of vigilance and adherence to cybersecurity best practices among government organizations to fortify defenses against ongoing and future cyber campaigns.