The group recently tried to garner information by floating a fake domain name for the Centre For Land Warfare Studies (CLAWS), an India-based autonomous think tank on strategic studies and land warfare. “It was discovered that a fake domain, clawsindia.com, was registered by the attackers. This domain masquerades as the website for the legitimate domain for CLAWS, claws.in,” said a senior government official, who did not wish to be identified.
The group targets individuals applying to CLAWS for chair of excellence, an honorary title for those making outstanding research contributions to strategic studies, said the official. “The victims are encouraged to click on an embedded URL hosted on sharingmymedia.com, which then downloads ObliqueRAT, the trojan which is associated with threat activity targeting entities in South Asia,” said the official.
The group primarily selects defence personnel in India using two generic themes – fake resumes and military-related topics – according to the official. “They use generically themed content-hosting domains in addition to malicious domains masquerading as legitimate defence-related websites,” he said.
Government undertakings, strategic units and sectors such as telecom, power, energy and transport are also susceptible to such attacks, according to those in the know.
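For defenders, the masquerading pattern described above can be turned into a triage check over web-proxy logs. The following is an added example, not part of the original report: it uses the three domains the report names, while the log format, log lines, user names, the `example` hosts and the `BRANDS` list are constructed assumptions.

```python
from urllib.parse import urlsplit

LEGIT = ("claws.in",)                                # legitimate domain named in the report
REPORTED = ("clawsindia.com", "sharingmymedia.com")  # attacker domains named in the report
BRANDS = ("claws",)                                  # assumption: labels worth protecting

def _within(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(url):
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return "unparsed"
    if _within(host, LEGIT):
        return "legitimate"
    if _within(host, REPORTED):
        return "reported-indicator"
    # Brand embedded in any label: catches new registrations such as
    # claws-india.example and subdomain tricks such as claws.in.example.net.
    # Triage signal only; unrelated names containing the string also match.
    if any(b in label for label in host.split(".") for b in BRANDS):
        return "brand-lookalike"
    return "unknown"

# Constructed proxy log lines: "<timestamp> <user> <url>"
SAMPLE_LOG = """\
2024-01-01T09:14:07Z user1 https://claws.in/
2024-01-01T09:15:31Z user2 http://clawsindia.com/
2024-01-01T09:15:40Z user2 http://sharingmymedia.com/constructed-path
2024-01-01T10:02:11Z user3 http://claws.in.example.net/login
2024-01-01T10:05:55Z user4 https://claws-india.example/
2024-01-01T10:06:02Z user4 https://example.org/news
"""

def triage(log_text):
    """Return (user, host, verdict) for every request worth an analyst's look."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue
        _ts, user, url = parts
        verdict = classify(url)
        if verdict in ("reported-indicator", "brand-lookalike"):
            hits.append((user, urlsplit(url).hostname, verdict))
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(*hit)
```

The fake domain differs from the real one by far more than a typo, so the check looks for the brand string inside a host label instead of measuring edit distance to `claws.in`.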