China-Linked Hackers Target Indian Tax Filers With Fake ITR Tools to Deploy Malware
Cybersecurity firm Seqrite Labs has uncovered a campaign, dubbed Operation DragonReturn, in which a China-nexus threat group distributes DcRAT — a remote access trojan — by impersonating India's Income Tax Department. Attackers use phishing emails and malicious links disguised as legitimate tax filing utilities, timed to coincide with India's March 31 fiscal deadline to maximise success rates. Once installed, DcRAT establishes persistence on infected systems and harvests sensitive data including credentials, browser history, and keystrokes, relaying it to attacker-controlled servers. The campaign specifically targets Indian tax professionals and corporate finance teams, who typically hold elevated access to financial records, making them valuable entry points for deeper network infiltration. The use of commodity malware-as-a-service infrastructure suggests the attackers sourced DcRAT from Chinese underground forums, where such tools are actively maintained and updated.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in