This white paper analyzes Operation SideCopy, a cyber espionage campaign attributed to a sub-cluster of the Transparent Tribe threat group. The campaign primarily targets Indian government, defense, and strategic organizations using carefully crafted spear-phishing emails. Attackers deploy malicious documents that exploit social engineering themes relevant to official communications, leading to the execution of remote access trojans such as Crimson RAT. The paper details the infection chain, payload delivery mechanisms, persistence techniques, and command-and-control infrastructure. It highlights the group’s evolving tactics, infrastructure reuse, and attribution indicators. The document concludes with defensive insights, emphasizing proactive monitoring, email security, and behavioral det

Join for free to read