| SYMBOL | COMMON_NAME | aka. SYNONYMS |
The SideCopy APT is a Pakistani threat actor that has been operating since at least 2019, mainly targeting South Asian countries and more specifically India and Afghanistan. Its name comes from its infection chain that tries to mimic that of the SideWinder APT. It has been reported that this actor has similarities with Transparent Tribe (APT36) and possibly is a subdivision of this actor. Cisco Talos and Seqrite have provided comprehensive reports on this actor’s activities.
| 2025-04-08
⋅
Seqrite
⋅
Goodbye HTA, Hello MSI: New TTPs and Clusters of an APT driven by Multi-Platform Attacks CurlBack RAT XenoRAT |
| 2024-07-25
⋅
Seqrite
⋅
Umbrella of Pakistani Threats: Converging Tactics of Cyber-operations Targeting India DISGOMOJI Poseidon Action RAT AllaKore ReverseRAT |
| 2023-11-06
⋅
Seqrite
⋅
SideCopy’s Multi-platform Onslaught: Leveraging WinRAR Zero-Day and Linux Variant of Ares RAT Action RAT AllaKore |
| 2023-06-15
⋅
Seqrite
⋅
Double Action, Triple Infection, and a New RAT: SideCopy’s Persistent Targeting of Indian Defence Action RAT |
| 2023-02-16
⋅
ThreatMon
⋅
APT SideCopy Targeting Indian Government Entities - Analysis of the new version of ReverseRAT Unidentified 005 (Sidecopy) ReverseRAT |
| 2023-01-01
⋅
ThreatMon
⋅
Unraveling the Complex Infection Chain: Analysis of the SideCopy APT's Attack Action RAT |
| 2022-01-18
⋅
⋅
Qianxin
⋅
SideCopy Arsenal Update: Golang-based Linux stealth tools surface Unidentified 005 (Sidecopy) |
| 2022-01-05
⋅
Telsy
⋅
SIDECOPY APT: From Windows to *nix SideCopy |
| 2021-12-02
⋅
Malwarebytes
⋅
SideCopy APT: Connecting lures to victims, payloads to infrastructure SideCopy |
| 2021-11-16
⋅
META
⋅
Taking Action Against Hackers in Pakistan and Syria SideCopy |
| 2021-07-07
⋅
Talos Intelligence
⋅
InSideCopy: How this APT continues to evolve its arsenal AllaKore NjRAT SideCopy |
| 2020-09-23
⋅
Seqrite
⋅
Operation SideCopy! SideCopy |
| 2019-07-08
⋅
Medium Sebdraven
⋅
Copy cat of APT Sidewinder ? AllaKore SideCopy |