A state-sponsored group is using the ReverseRAT backdoor to target India
According to a report dated 21 February, a phishing campaign is currently being conducted by a Pakistani threat group called SideCopy, which aims to deploy an updated version of a backdoor called ReverseRAT on Indian government entities.
The recent attacks have targeted a two-factor authentication solution known as Kavach and used by the Indian government. The campaign begins with a phishing email that contains a Word document that supports macros. Once the file is opened and the macros are enabled, it triggers the execution of malicious code that leads to the deployment of ReverseRAT on the compromised system.
Once ReverseRAT is installed, it collects data from the victim's device, encrypts it and sends it to the group's command and control (C2) server.
Read more about it : here