PKG1008

SideCopy

Also known as: SideCopy

Origin: PK
Known aliases: 1

Profile

The SideCopy APT is a Pakistani threat actor that has been operating since at least 2019, mainly targeting South Asian countries, specifically India and Afghanistan. Its name comes from its infection chain, which tries to mimic that of the SideWinder APT. It has been reported that this actor shares similarities with Transparent Tribe (APT36) and is possibly a subdivision of that group. Cisco Talos and Seqrite have published comprehensive reports on this actor's activities.

Aliases (1)

SideCopy

MITRE ATT&CK Group crosswalk

G1008

References

  1. https://www.seqrite.com/blog/operation-sidecopy/
  2. https://blog.malwarebytes.com/threat-intelligence/2021/12/sidecopy-apt-connecting-lures-to-victims-payloads-to-infrastructure/
  3. https://www.telsy.com/sidecopy-apt-from-windows-to-nix/
  4. https://blog.talosintelligence.com/2021/07/sidecopy.html
  5. https://about.fb.com/news/2021/11/taking-action-against-hackers-in-pakistan-and-syria/
  6. https://sebdraven.medium.com/copy-cat-of-apt-sidewinder-1893059ca68d

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.