A malicious entity associated with Pakistan has been noticed aiming at multiple sectors in India utilizing an array of remote access trojans such as Xeno RAT, Spark RAT, and a previously unidentified malware group referred to as CurlBack RAT.
The operations, identified by SEQRITE in December 2024, focused on Indian organizations connected to the railway, oil and gas, and external affairs ministries, indicating a broadening of the hacking group’s activities.