Cisco Talos warns of cyber attack campaign that targets government employees, military personnel in India – ET CISO
“The lures used in this campaign are predominantly around operational documents pertaining to ‘Kavach’, a two-factor authentication (2FA) app operated by India’s National Informatics Centre (NIC) and used by government employees to access their emails,” it added.
Cisco Talos said the earliest instance of this campaign was observed in December 2020, utilising malicious MS Office documents, known as maldocs, disguised as security advisories, meeting schedules, software installation guides, etc.
It added that the campaign was found to be using multiple techniques and evolved to obfuscate itself and remain in the victim’s environment, evading standard detection techniques.
The blog noted that the campaign has been ongoing since the end of 2020 and continues to operate today.
Cisco Director Security Business (India and SAARC) said Operation Armor Piercer is a grim reminder of the still existing in the cybersecurity posture.
“To ensure end-to-end security of India’s most precious assets and information, government and defence agencies must implement a layered defence strategy that enables comprehensive visibility and coverage across all endpoints, accelerates response by leveraging automation and orchestration to enrich data, and reduces massive data sets into actionable insights through AI/ML and data analytics,” he added.
Essentially, security must not be bolted on, but rather built into every system and process to ensure infallible protection of people and assets, he emphasised.