New Cyber Campaign “Armor Piercer” Targets Indian Government Officials


27th September 2021, Kathmandu

Cyberattacks and malicious campaigns are increasing rapidly. Research from Cisco Talos describes a cyber campaign, tracked as Armor Piercer, that targets the government and defense sector in India with two Remote Access Trojans (RATs), NetwireRAT and WarzoneRAT. The campaign was found to be spreading malicious documents to deploy the RATs and access sensitive information and data.

NetwireRAT and WarzoneRAT have a variety of capabilities, including:

  • Execute arbitrary commands
  • Gather system information
  • Steal credentials from browsers
  • File management operations such as write, copy, read, delete files, etc.
  • Keylogging
  • Remote desktop
  • Enumerate and terminate processes
  • Credential stealing from email clients and browsers
  • Webcam capture
  • Reverse shells

Armor Piercer’s Phishing Campaign

The campaign has been active since 2020 and carries out phishing attacks by tricking employees with Kavach-related content. Kavach is a two-factor authentication (2FA) app operated by India’s National Informatics Center (NIC); government personnel use it to access their email. Armor Piercer was found using hacked websites and fake domains to host its malware payloads. It used various phishing techniques to attack and compromise systems.

Armor Piercer Attack Vector

Armor Piercer operators distributed their malware payloads through different phishing techniques to the targeted employees or guides in the form of malicious Microsoft Office documents and archives. When a victim downloads the malicious document, it automatically downloads a loader, which deploys the final RAT payload on the targeted system.

Vishak Raman, Director, Security Business, Cisco India and SAARC, said, “Operation Armor Piercer is a grim reminder of the vulnerabilities still existing in the security posture. For end-to-end security, the government must implement a layered defense strategy that provides security to the system for the protection of people and assets.”

