🟠 High | Source: The Hacker News
A suspected Chinese threat actor is targeting Indian taxpayers, tax professionals, and corporate finance teams using spear-phishing emails that impersonate India’s Income Tax Department. Victims are lured into running a fake tax filing utility that ultimately installs DcRAT, a remote access trojan capable of stealing sensitive data. The campaign, dubbed Operation DragonReturn by Seqrite Labs, is a multi-stage attack with clear espionage and data exfiltration objectives.
Security Architect’s Take: Ensure endpoint detection controls are capable of identifying DcRAT indicators of compromise, and brief finance and tax teams on spear-phishing risks tied to government impersonation lures — particularly during tax season. Review email gateway policies to flag or sandbox executables and archives arriving from external senders, especially those mimicking government domains.
Original advisory: Suspected China-Nexus Hackers Use Fake Indian Tax Filing Utility to Deploy DcRAT