SideCopy


The SideCopy APT is a Pakistani threat actor that has been operating since at least 2019, mainly targeting South Asian countries, in particular India and Afghanistan. Its name comes from its infection chain, which tries to mimic that of the SideWinder APT. The actor has been reported to share similarities with Transparent Tribe (APT36) and may be a subdivision of it. Cisco Talos and Seqrite have published comprehensive reports on this actor's activities.


Associated Families
elf.unidentified_005

References
2022-01-18 | Qianxin | Red Raindrop Team
SideCopy Arsenal Update: Golang-based Linux stealth tools surface
https://ti.qianxin.com/blog/articles/SideCopy's-Golang-based-Linux-tool/ (Chinese; accessed 2022-01-25)
Tags: Unidentified 005 (Sidecopy)

2022-01-05 | Telsy | Claudio Di Giuseppe
SIDECOPY APT: From Windows to *nix
https://www.telsy.com/sidecopy-apt-from-windows-to-nix/ (English; accessed 2022-01-10)
Tags: SideCopy

2021-12-02 | Malwarebytes | Hossein Jazi, Threat Intelligence Team
SideCopy APT: Connecting lures to victims, payloads to infrastructure
https://blog.malwarebytes.com/threat-intelligence/2021/12/sidecopy-apt-connecting-lures-to-victims-payloads-to-infrastructure/ (English; accessed 2021-12-06)
Tags: SideCopy

2021-11-16 | META | Mike Dvilyanski, David Agranovich
Taking Action Against Hackers in Pakistan and Syria
https://about.fb.com/news/2021/11/taking-action-against-hackers-in-pakistan-and-syria/ (English; accessed 2021-11-17)
Tags: SideCopy

2021-07-07 | Talos Intelligence | Asheer Malhotra, Justin Thattil
InSideCopy: How this APT continues to evolve its arsenal
https://blog.talosintelligence.com/2021/07/sidecopy.html (English; accessed 2021-07-08)
Tags: AllaKore, NjRAT, SideCopy

2020-09-23 | Seqrite | Kalpesh Mantri
Operation SideCopy!
https://www.seqrite.com/blog/operation-sidecopy/ (English; accessed 2022-01-10)
Tags: SideCopy

Credits: MISP Project