China-Nexus Hackers Utilize Fake Indian Tax Filing Utility to Deploy DCRat
A multi-stage cyber espionage campaign, codenamed Operation DragonReturn, targeted Indian taxpayers by using spear-phishing emails impersonating the Income Tax Department to deliver remote access trojans. This attack chain involves fake tax filing utilities that execute a chain of malicious actions, including payload extraction and deployment of DCRat, linking the activity to ChinaNet infrastructure.
A suspected China-nexus threat activity cluster has been observed targeting Indian taxpayers, tax professionals, and corporate finance teams to deliver a remote access trojan designed to steal sensitive data from compromised hosts.
The multi-stage campaign, codenamed Operation DragonReturn by Seqrite Labs, involves sending spear-phishing emails impersonating the Income Tax Department of India.
*** END OF TRANSMISSION ***