TAG-140 Phishing Campaign Targets Indian Government via IoT Devices


A New Threat to National Security

Cybersecurity firm Dark Reading has identified a sophisticated phishing campaign by the threat group TAG-140, specifically targeting Indian government departments. This campaign exploits poorly secured IoT devices and embedded systems to infiltrate critical networks.

Technical Breakdown of the Attack

  • Initial Access: Malicious .hta scripts are delivered via phishing emails designed to look like official communications.
  • The Loader: The Windows component mshta.exe executes the script, launching the BroaderAspect .NET loader.
  • Persistent Control: The attack culminates in the deployment of DRAT V2 (Remote Access Trojan), granting attackers long-term remote control.

Why IoT is the Weak Link

Many IoT devices—like smart cameras, HVAC controllers, and digital displays—run on legacy or unpatched versions of Windows IoT. These devices act as perfect pivot points, allowing hackers to move from a simple camera into the core government server network.

Best Practices for Defense

  • Network Segmentation: Keep IoT devices on a separate network from sensitive data.
  • Restrict mshta.exe: Use AppLocker policies to block unauthorized script execution.
  • Regular Audits: Continuously monitor IoT firmware for unpatched vulnerabilities.
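
A detection-side companion to the mshta.exe item above, as an added example that is not part of the original post: it scans process-creation records for mshta.exe started from a download, temp or mail/browser context, and for any process whose parent is mshta.exe. The event records, host names and the path and launcher lists are constructed assumptions; the field names follow Sysmon Event ID 1.

```python
import json
import re

# Constructed process-creation records (Sysmon Event ID 1 field names); not campaign data.
SAMPLE_EVENTS = r'''
{"Host":"kiosk-07","Image":"C:\\Windows\\System32\\mshta.exe","CommandLine":"mshta.exe \"C:\\Users\\clerk\\Downloads\\circular.hta\"","ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE"}
{"Host":"kiosk-07","Image":"C:\\Users\\clerk\\AppData\\Local\\Temp\\sample.exe","CommandLine":"sample.exe","ParentImage":"C:\\Windows\\System32\\mshta.exe"}
{"Host":"admin-02","Image":"C:\\Windows\\System32\\mshta.exe","CommandLine":"mshta.exe \"C:\\Program Files\\Vendor\\setup.hta\"","ParentImage":"C:\\Windows\\explorer.exe"}
{"Host":"admin-02","Image":"C:\\Windows\\System32\\notepad.exe","CommandLine":"notepad.exe","ParentImage":"C:\\Windows\\explorer.exe"}
'''

MSHTA = re.compile(r"\\mshta\.exe$", re.I)
# Assumed list of user-writable or remote sources; tune to the environment.
UNTRUSTED = re.compile(r"https?://|\\(downloads|temp|appdata|inetcache)\\", re.I)
# Assumed list of mail clients, browsers and archivers that open attachments.
LAUNCHERS = re.compile(r"\\(outlook|thunderbird|chrome|msedge|firefox|winrar|7zfm)\.exe$", re.I)

def classify(event):
    """Return the list of reasons this process-creation event is suspicious."""
    reasons = []
    image = event.get("Image", "")
    parent = event.get("ParentImage", "")
    if MSHTA.search(image):
        if UNTRUSTED.search(event.get("CommandLine", "")):
            reasons.append("mshta_untrusted_source")
        if LAUNCHERS.search(parent):
            reasons.append("mshta_from_mail_or_browser")
    if MSHTA.search(parent):
        # mshta.exe starting another process is the hand-off to a loader stage.
        reasons.append("mshta_spawned_child")
    return reasons

def scan(text):
    """Parse one JSON event per line and return (host, reasons) for each hit."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        reasons = classify(event)
        if reasons:
            alerts.append((event.get("Host", "?"), reasons))
    return alerts

if __name__ == "__main__":
    for host, reasons in scan(SAMPLE_EVENTS):
        print(host, ", ".join(reasons))
```

The third record (an .hta under Program Files started from explorer.exe) raises no alert, which is the kind of legitimate use to inventory before an AppLocker deny rule for mshta.exe is enforced.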

Protect Indian Infrastructure

The rise of Smart Cities in India requires a new generation of IoT security experts. Learn how to secure connected devices at the Best Cybersecurity Institute in Chhattisgarh. Join Kian Technologies today!



6 Comments

Kiran Deshmukh (09 Jul 2025, 07:59 AM)

Cybersecurity is becoming so complex in 2026. Thanks for simplifying it.

Arjun Saxena (09 Jul 2025, 01:59 AM)

The step-by-step breakdown makes it very easy to follow.

Ishita Dutta (09 Jul 2025, 01:59 AM)

Practical mitigations mentioned here are very useful for small businesses.

Sanjay Bose (09 Jul 2025, 12:59 AM)

Interesting read on the Osiris ransomware. The POORTRY driver is a serious threat.

Deepak Malhotra (08 Jul 2025, 12:59 PM)

Never knew about LOTS strategy before reading this. Very informative.

Arjun Saxena (08 Jul 2025, 12:59 PM)

Thanks for the update on these CVEs. Very timely information!