All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Operation DragonReturn: China-linked cyber espionage campaign targets India's tax infrastructure with multi-stage DcRAT malware

By

Seqrite

9d ago· 6 min readenNews

Summary

Seqrite's report on Operation DragonReturn reveals a China-aligned cyber espionage campaign targeting India's Income Tax Department infrastructure. The operation impersonates the tax authority to target taxpayers, tax professionals, and corporate finance teams using a multi-stage malware chain called DcRAT. Key techniques include a fake ITR utility as the initial lure, steganographic payload concealment (hiding malware in images), AMSI bypass to evade detection, Windows service persistence, and encrypted command-and-control infrastructure (govtop[.]one, kkxqbh[.]). The campaign is specifically aimed at compromising government tax systems and stealing sensitive financial data.

Source

bskyOperation DragonReturn: China-linked cyber espionage campaign targets India's tax infrastructure with multi-stage DcRAT malwarehendryadrian.com

Key quotes

· 2 pulled
Seqrite reported Operation DragonReturn, a China-aligned campaign that impersonates India's Income Tax Department to target taxpayers, tax professionals, and corporate finance teams with a multi-stage malware chain.
The operation uses a fake ITR utility, steganographic payload concealment, AMSI bypass, Windows service persistence, and encrypted C2 infrastructure including govtop[.]one, kkxqbh[.]
Snippet from the RSS feed
Seqrite reported Operation DragonReturn, a China-aligned campaign that impersonates India’s Income Tax Department to target taxpayers, tax professionals, and corporate finance teams with a multi-stage malware chain. The operation uses a fak...

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.