Site icon ICT Frame

New Cyber Campaign “Armor Piercer” Targets Indian Government Officials

Cybersecurity Compliance
Share It On:

27th September 2021, Kathmandu

Cyberattacks and malicious campaigns are increasing in a rapid way. According to research from Cisco Talos shows a cyber-campaign, tracked as Armor Piercer, targeting the government and defense sector in India with Remote Access Trojans-NetwireRAT and WarzoneRAT. The campaign was found to be spreading malicious documents to deploy RATs and access sensitive information and data.

NetwireRAT and WarzoneRAT have a variety of capabilities, including:

Armor Piercer’s Phishing Campaign

The campaign is active since 2020 and performing phishing attacks by tricking employees related to Kavash. Kavash is a two-factor authentication (2FA) app operated by India’s National Informatics Center (NIC), the government personals are using it to access their emails. Armor Piercer was found using hacked websites and fake domains to host their malware payloads. It used various phishing techniques to attack and compromise systems.

Armor Piercer Attack Vector

Armor Piercer operators distributed their malware payloads through different phishing techniques to the targeted employees or guides in the form of malicious Microsoft Office documents and archives. When a victim downloads the malicious document it automatically downloads a loader which deploys the final RAT payload on the targeted system.

According to Vishak Raman, Director, Security Business, Cisco India and SAARC said, ‘’ Operation Armor Piecer is a grim reminder of the vulnerabilities still existing in the security posture. For end-to-end security, the government must implement a layered defense strategy that provides security to the system for the protection of people and assets.


Share It On:
Exit mobile version