Cybersecurity Advisory Issued for Government Organizations

The National Computer Emergency Team (NCERT) has issued an advisory to address a cybercrime campaign targeting high-profile government offices, linked to the Sidewinder APT group. This campaign uses spear phishing tactics and compromised client applications to infiltrate systems and steal sensitive data. Techniques include OS credential dumping, stealing web session cookies, and gathering system information.

NCERT recommends several mitigation strategies, such as deploying advanced email filtering solutions to detect and quarantine suspicious attachments and URLs, and using email authentication mechanisms (SPF, DKIM, DMARC) to prevent domain spoofing. Organizations should implement document security policies that restrict macros and scripts, and use sandboxing and static analysis tools to analyze suspicious documents. PDF security features such as digital signatures and encryption are also advised.
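The advisory names SPF and DMARC as anti-spoofing controls but does not say what a spoofing-resistant record looks like. The following added example (not part of the advisory or of NCERT's material) evaluates SPF and DMARC TXT records offline and flags settings that still let a spoofed message through; the four sample records and the example.gov / example.net domains are constructed for illustration.

```python
import re

def evaluate_spf(record):
    """Findings for an SPF v1 record: spoofing is only rejected when the record
    ends in '-all' (hard fail); '~all' soft-fails, '?all'/'+all' let anyone send."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return {"ok": False, "findings": ["not an SPF v1 record"]}
    findings = []
    all_terms = [t for t in terms[1:] if t.lower().lstrip("+-~?") == "all"]
    if not all_terms:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif not all_terms[-1].startswith("-"):
        findings.append(f"'{all_terms[-1]}' does not hard-fail unauthorized senders")
    # RFC 7208 caps DNS-querying mechanisms at 10; more yields a permerror,
    # and receivers then treat the record as if it did not exist
    lookup_re = r"^[+\-~?]?(include:|a\b|mx\b|ptr\b|exists:|redirect=)"
    lookups = [t for t in terms[1:] if re.match(lookup_re, t, re.I)]
    if len(lookups) > 10:
        findings.append(f"{len(lookups)} lookup terms exceed the RFC 7208 limit of 10")
    return {"ok": not findings, "findings": findings}

def evaluate_dmarc(record):
    """Findings for a DMARC record: spoofed mail is only blocked when p= is
    'quarantine' or 'reject' and the policy applies to all mail (pct=100)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)  # rua=mailto:... keeps its own '='
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return {"ok": False, "findings": ["not a DMARC1 record"], "tags": tags}
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'} only monitors; spoofed mail is delivered")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']} leaves part of the mail stream unenforced")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports on spoofing attempts are lost")
    return {"ok": not findings, "findings": findings, "tags": tags}

# Constructed sample records: a weak and a hardened posture for each mechanism
WEAK_SPF = "v=spf1 include:_spf.example.net ~all"
STRONG_SPF = "v=spf1 mx include:_spf.example.net -all"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.gov"
STRONG_DMARC = "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example.gov; adkim=s; aspf=s"

if __name__ == "__main__":
    for name, rec, check in [("weak SPF", WEAK_SPF, evaluate_spf), ("strong SPF", STRONG_SPF, evaluate_spf),
                             ("weak DMARC", WEAK_DMARC, evaluate_dmarc), ("strong DMARC", STRONG_DMARC, evaluate_dmarc)]:
        result = check(rec)
        print(f"{name}: {'OK' if result['ok'] else 'WEAK'} {result['findings']}")
```

In production the record strings would come from the domain's DNS TXT lookups (the DMARC record lives at `_dmarc.<domain>`); the checks themselves are unchanged.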

For endpoint protection, NCERT suggests deploying endpoint detection and response (EDR) solutions to block malicious activities and using application control measures to restrict untrusted binaries. Integrating threat intelligence feeds into security monitoring systems can help identify indicators of compromise associated with APT groups. Government organizations are urged to remain vigilant and adopt these security measures to safeguard against cyber threats.