New Malware Targets Indian Gov. Employees – Top 5 Cybersecurity news



Welcome back to a new set of cybersecurity news! Today’s top 5 stories include a new malware campaign that targets Indian Government employees, RomCom RAT, and more. Read the news and share your thoughts about today’s cybersecurity news in the comment section.

Top 5 cybersecurity news:

1. The RomCom RAT malware campaign poses as Veeam, KeePass, and SolarWinds NPM.

The threat actor responsible for the propagation of the RomCom RAT (remote access trojan) has updated its attack method and is now targeting well-known software companies.

The RomCom threat actors were found developing websites that mimicked official download pages for PDF Reader Pro, KeePass password manager, and SolarWinds Network Performance Monitor (NPM) in a recent campaign that BlackBerry discovered. This effectively disguised the malware as trustworthy software.

Unit 42 also found that the threat actors established a website that poses as the Veeam Backup and Recovery program. In addition to cloning the HTML code to replicate the real websites, the hackers also registered typo-squat “lookalike” names to give the fraudulent website even more legitimacy.
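A defender can triage hostnames seen in proxy or DNS logs for this kind of typo-squat. The sketch below is an added example, not code from BlackBerry, Unit 42, or this post; the allowlist of vendor domains, the homoglyph map, and the `.example` hostnames are assumptions constructed for illustration.

```python
# Added example: flag hostnames that imitate an allowlisted vendor domain.
# Assumption: the allowlist holds the vendors' real download domains.
OFFICIAL = ("keepass.info", "solarwinds.com", "veeam.com")

# Digits commonly swapped in for letters in lookalike names (assumed map).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable(host):
    """Naive registrable domain: the last two labels.
    Production code should consult the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host):
    """Return (verdict, imitated_domain) for one observed hostname."""
    dom = registrable(host)
    if dom in OFFICIAL:
        return ("official", dom)
    # Normalise the name: undo digit swaps and drop hyphens.
    skeleton = dom.rsplit(".", 1)[0].translate(HOMOGLYPHS).replace("-", "")
    for off in OFFICIAL:
        brand = off.rsplit(".", 1)[0]
        if skeleton == brand or edit_distance(skeleton, brand) <= 1:
            return ("lookalike", off)       # one typo away, or brand on another TLD
        if brand in skeleton:
            return ("brand-embedded", off)  # brand plus extra words
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample hostnames (reserved .example TLD), not real indicators.
    for h in ("www.veeam.com", "vee4m.example", "so1arwinds.example",
              "download.keepas.example", "solarwinds-npm.example", "intranet.example"):
        print(h, classify(h))
```

Verdicts other than `official` are leads for review, not proof of malice: a reseller or partner site can legitimately embed a brand name.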

2. As a result of the cyberattack, ALMA Observatory suspends operations.

Following an attack on Saturday, October 29, 2022, the Atacama Large Millimeter Array (ALMA) Observatory in Chile has ceased all astronomical observation operations and shut down its public website.

The observatory’s email services are temporarily restricted, and IT professionals are working to restore the compromised systems.

The observatory tweeted yesterday about the security problem, noting that given the circumstances, it is now hard to predict when normal activities will resume.

The observatory further stated that neither the ALMA antennas nor any scientific data were compromised by the attack, and that there are no indications of unauthorized data access or exfiltration.

3. Researchers describe a new malware campaign that targets employees of the Indian government.

A recent campaign that targets Indian government entities with trojanized variants of the two-factor authentication tool Kavach has been connected to the threat actor known as Transparent Tribe.

Sudeep Singh, a researcher with Zscaler ThreatLabz, stated in a Thursday analysis that “this gang leverages Google Adwords for the aim of malvertising to distribute backdoored versions of Kavach multi-authentication (MFA) applications.”

The cybersecurity firm said that the advanced persistent threat group also carried out low-volume credential harvesting attacks. In these attacks, fake websites impersonating legitimate Indian government portals were set up to trick unwary visitors into providing their passwords.

4. Numerous American news outlets spread malware in a supply-chain hack.

Threat actors are deploying the SocGholish JavaScript malware framework, commonly known as FakeUpdates, on the websites of hundreds of newspapers across the United States, using the compromised infrastructure of an unknown media organization.

The threat actor (TA569) that is responsible for this supply-chain attack placed malicious code into a legitimate JavaScript file that is loaded by the websites of the news organizations.

5. CISA Notifies Users of Three Industrial Control System Software Vulnerabilities

Three Industrial Control Systems (ICS) advisories about various vulnerabilities in software from ETIC Telecom, Nokia, and Delta Industrial Automation have been released by the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

This includes CVE-2022-3703 (CVSS score: 9.0), a serious issue caused by the RAS online portal’s inability to confirm the legitimacy of firmware, which makes it easy to sneak in a rogue package that gives the adversary backdoor access.

There are also two more flaws in the RAS API: a file upload problem (CVE-2022-40981, CVSS score: 8.3) and a directory traversal bug (CVE-2022-41607, CVSS score: 8.6). They can be used to read arbitrary files and upload harmful files that can compromise the device.


That’s it for today’s article. Cyber-criminals are increasing enormously day by day, and so are cyber attacks. Only if we are aware of what is happening around us in the tech world can we protect ourselves from those attacks, so keep yourself updated through our cybersecurity news and stay connected by subscribing to our newsletter. Share your thoughts in the comment section and come back again for another set of cybersecurity news. Thank you!



A Computer Science Engineer, Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), SOC Analyst & Content Creator.
