Cybercriminals Target Indian Taxpayers with Malware Phishing Campaign

Severity: Medium (Score: 48.9)

Sources: Cybersecuritynews, Gbhackers

Summary

Cybercriminals are exploiting the tax season in India by launching phishing campaigns that impersonate the Income Tax Department. These campaigns utilize fake assessment notices and compliance warnings to deceive victims into downloading malware. The attackers have created convincing fake websites that closely resemble official government portals, employing urgent language to pressure individuals and businesses into action. The malware delivered can provide attackers with persistent access to compromised systems. The operation is currently active, targeting both individual taxpayers and businesses in India. No specific numbers of affected individuals or businesses have been reported, nor are there known CVEs associated with this campaign. The scope of the impact remains significant as the phishing attempts are widespread during the tax season. Security professionals are advised to remain vigilant against such tactics. Key Points: • Cybercriminals are impersonating the Indian Income Tax Department in phishing attacks. • Victims are tricked into downloading malware through fake notices and urgent messaging. • The phishing campaign targets both individual taxpayers and businesses across India.

Key Entities

• Malware (attack_type)
• Phishing (attack_type)
• India (country)
• T1566.002 - Spearphishing Link (mitre_attack)
• T1566 - Phishing (mitre_attack)