{"id":4061,"date":"2023-03-21T14:02:33","date_gmt":"2023-03-21T14:02:33","guid":{"rendered":"https:\/\/shreshtait.com\/blog\/?p=4061"},"modified":"2025-09-30T12:08:15","modified_gmt":"2025-09-30T06:38:15","slug":"threat-actors-targeting-indian-citizens","status":"publish","type":"post","link":"https:\/\/shreshtait.com\/blog\/2023\/03\/threat-actors-targeting-indian-citizens\/","title":{"rendered":"Threat actors targeting Indian citizens"},"content":{"rendered":"\n<p>Security researchers at&nbsp;<a href=\"https:\/\/shreshtait.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Shreshta<\/a> have identified a phishing campaign targeting Indian citizens.<\/p>\n\n\n\n<h6 class=\"wp-block-heading has-ast-global-color-1-color has-text-color\" id=\"h-\"><\/h6>\n\n\n\n<p><\/p>\n\n\n<\/p>\n\n\n<\/p>\n<p>We have identified a phishing campaign targeting Income Tax users of India wherein the phishing email tempts the user to download a PDF zip file. The zip file contains an exe file, Kutaki keylogger.<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n<p>\n\n\n<\/p>\n\n\n<h6 class=\"wp-block-heading has-ast-global-color-1-color has-text-color\" id=\"h-phishing-email-targeting-indian-citizens-income-tax\">Phishing email targeting Indian citizens &#8211; Income tax<\/h6>\n\n\n<\/p>\n\n\n<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-13-at-10.02.14-PM-1024x821.png\" alt=\"Phishing campaign targeting Indian citizens\" width=\"1024\" height=\"821\" \/>\n<p>\u00a0<\/p>\n<figcaption>Image 1 &#8211; Screenshot of the phishing email targeting citizens of India(Income Tax)<\/figcaption>\n<figcaption><\/figcaption>\n<\/figure>\n<p>\n\n\n<\/p>\n\n\n<\/p>\n<h6 class=\"wp-block-heading\"><strong>Threat Indicators<\/strong><\/h6>\n<p>\n\n\n<\/p>\n\n\n<\/p>\n<ul class=\"wp-block-list\">\n<li style=\"list-style-type: none;\">\n<ul>\n\n<\/ul>\n<\/li>\n<\/ul>\n<p>\u00a0<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>The phishing email lures the users to download a PDF file &#8220;Tax Payment Confirmation.pdf&#8221;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>When the users clicks on the PDF image in the phishing email, it downloads &#8220;Tax Payment Challan.zip&#8221; from kmtractors[.]in\/img\/images\/itz[.]htm<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>The threat actors have compromised a legitimate website(kmtractors[.]in) and uploaded a malware in one of their sub-directories<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Extracting &#8220;Tax Payment Challan.zip&#8221; saves &#8220;Tax Payment Challan.exe&#8221;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>&#8220;Tax Payment Challan.exe&#8221; is Kutaki keylogger<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>The domain name kmtractors[.]in was registered by Endurance Digital Domain Technology LLP.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>Domain name registration date &#8211; 04-12-2010<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>The domain kmtractors[.]in resolves to IP address 46.4.61.150<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>File distribution originates from IP address 164.52.213.142<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>The SHA256 hash of &#8220;Tax Payment Challan.zip&#8221; is 7848994b7a5bf36ffaedbe9049bb15b215811a82ecd2ff548ea76e4a48819685<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>The SHA256 hash of &#8220;Tax Payment Challan.exe&#8221; is f2777ba8469053dbb35353cf54caf343329dbd721f31de2225eccbfd33d1fd6a<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>After execution, &#8220;Tax Payment Challan.exe&#8221; connects to newbosslink[.]xyz[\/]baba\/new4[.]php<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>The domain name newbosslink[.]xyz registered by Namecheap<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>The domain name newbosslink[.]xyz resolves to the IP address 91.223.82.124<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li>The IP address 91.223.82.124 belongs to AS199968 IWS NETWORKS LLC<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<ul>\n<li>The AS199968 is based in Amsterdam<\/li>\n<\/ul>\n\u00a0\n<p>\n\n<\/p>\n<p>\n\n\n<\/p>\n\n\n<\/p>\n<h6 class=\"wp-block-heading\">Malware hosted on the website\u00a0<strong>kmtractors[.]in\/img\/images\/itz[.]htm<\/strong><\/h6>\n<p>\n\n\n<\/p>\n\n\n<\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2023\/03\/Screenshot-from-2023-03-14-16-07-48-1024x559.png\" alt=\"Screenshot of malicious file downloading &quot;Tax Payment Challan.zip&quot; file\" \/>\n<p>\u00a0<\/p>\n<figcaption>Image 2 &#8211; Screenshot of malicious file downloading &#8220;Tax Payment Challan.zip&#8221; file<\/figcaption>\n<figcaption><\/figcaption>\n<\/figure>\n<p>\n\n\n<\/p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"h-get-free-access-to-newly-registered-domain-names-nrd-community-feeds\">Get free access to Newly registered domain names (NRD) community feeds<\/h2>\n\n\n\n<p><a href=\"https:\/\/shreshtait.com\/blog\/2024\/01\/what-are-newly-registered-domain-names\/\" target=\"_blank\" rel=\"noreferrer noopener\">Newly registered domain names<\/a> or recently registered domains can be a potential security risk for organisations. They are often used to host phishing, malware, and other malicious content.<\/p>\n\n\n\n<p>By monitoring or blocking NRDs, enterprises can eliminate the risk of cyber threats posed by NRDs.<\/p>\n\n\n\n<p>Get no-cost access to our newly registered domain names(NRD) community feeds.<\/p>\n\n\n\n<p><a href=\"https:\/\/shreshtait.com\/blog\/2024\/02\/recently-registered-domains-download\/\" target=\"_blank\" rel=\"noreferrer noopener\">Download the free NRD community feeds<\/a><\/p>\n\n\n<\/p>\n\n\n<\/p>\n<form action=\"https:\/\/newsletter.shreshtait.com\/subscription\/form\" method=\"post\">\n<h3>Subscribe to our blog newsletter<\/h3>\n<p><input name=\"nonce\" type=\"hidden\" \/><\/p>\n<p><input name=\"email\" required=\"\" type=\"email\" placeholder=\"E-mail\" \/><\/p>\n<p><input name=\"name\" type=\"text\" placeholder=\"Name (optional)\" \/><\/p>\n<p><input id=\"c5018\" checked=\"checked\" name=\"l\" type=\"checkbox\" value=\"c5018262-a7de-45bc-a053-f1e08a5fa092\" \/><br \/><label for=\"c5018\">Shreshta Blog &#8211; Threat Intelligence<\/label><\/p>\n<p><input type=\"submit\" value=\"Subscribe\" \/><\/p>\n<\/form>\n<p>\n\n\n<\/p>","protected":false},"excerpt":{"rendered":"<p>Security researchers at&nbsp;Shreshta have identified a phishing campaign targeting Indian citizens. We have identified a phishing campaign targeting Income Tax users of India wherein the phishing email tempts the user to download a PDF zip file. The zip file contains an exe file, Kutaki keylogger. \u00a0 \u00a0 Phishing email targeting Indian citizens &#8211; Income tax [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":4240,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[42],"tags":[45,75,76,74,48,47],"class_list":["post-4061","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threat-intelligence","tag-dns","tag-domain-name","tag-india","tag-malware","tag-phishing","tag-threat-intelligence"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.0 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Threat actors targeting Indian citizens<\/title>\n<meta name=\"description\" content=\"Security researchers at\u00a0Shreshta have identified threat actors targeting Indian citizens with a phishing email\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/shreshtait.com\/blog\/2023\/03\/threat-actors-targeting-indian-citizens\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Threat actors targeting Indian citizens\" \/>\n<meta property=\"og:description\" content=\"Security researchers at\u00a0Shreshta have identified threat actors targeting Indian citizens with a phishing email\" \/>\n<meta property=\"og:url\" content=\"https:\/\/shreshtait.com\/blog\/2023\/03\/threat-actors-targeting-indian-citizens\/\" \/>\n<meta property=\"og:site_name\" content=\"DNS Security &amp; Threat Intelligence Blog | Shreshta\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-21T14:02:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-30T06:38:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2023\/03\/pswapneel_illustration_of_a_phishing_email_which_lures_users_to_787ad0ed-3cdd-46ff-8d2d-e4cff5345a01.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1344\" \/>\n\t<meta property=\"og:image:height\" content=\"896\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Pranay Patil\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@shreshtait\" \/>\n<meta name=\"twitter:site\" content=\"@shreshtait\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Pranay Patil\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2023\\\/03\\\/threat-actors-targeting-indian-citizens\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2023\\\/03\\\/threat-actors-targeting-indian-citizens\\\/\"},\"author\":{\"name\":\"Pranay Patil\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/#\\\/schema\\\/person\\\/675cf497a40c89e71d50bbac3e1288b6\"},\"headline\":\"Threat actors targeting Indian citizens\",\"datePublished\":\"2023-03-21T14:02:33+00:00\",\"dateModified\":\"2025-09-30T06:38:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2023\\\/03\\\/threat-actors-targeting-indian-citizens\\\/\"},\"wordCount\":379,\"publisher\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2023\\\/03\\\/threat-actors-targeting-indian-citizens\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/pswapneel_illustration_of_a_phishing_email_which_lures_users_to_787ad0ed-3cdd-46ff-8d2d-e4cff5345a01.png\",\"keywords\":[\"dns\",\"domain name\",\"india\",\"malware\",\"phishing\",\"threat intelligence\"],\"articleSection\":[\"Threat Intelligence\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2023\\\/03\\\/threat-actors-targeting-indian-citizens\\\/\",\"url\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2023\\\/03\\\/threat-actors-targeting-indian-citizens\\\/\",\"name\":\"Threat actors targeting Indian citizens\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2023\\\/03\\\/threat-actors-targeting-indian-citizens\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2023\\\/03\\\/threat-actors-targeting-indian-citizens\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/pswapneel_illustration_of_a_phishing_email_which_lures_users_to_787ad0ed-3cdd-46ff-8d2d-e4cff5345a01.png\",\"datePublished\":\"2023-03-21T14:02:33+00:00\",\"dateModified\":\"2025-09-30T06:38:15+00:00\",\"description\":\"Security researchers at\u00a0Shreshta have identified threat actors targeting Indian citizens with a phishing email\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2023\\\/03\\\/threat-actors-targeting-indian-citizens\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2023\\\/03\\\/threat-actors-targeting-indian-citizens\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2023\\\/03\\\/threat-actors-targeting-indian-citizens\\\/#primaryimage\",\"url\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/pswapneel_illustration_of_a_phishing_email_which_lures_users_to_787ad0ed-3cdd-46ff-8d2d-e4cff5345a01.png\",\"contentUrl\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/pswapneel_illustration_of_a_phishing_email_which_lures_users_to_787ad0ed-3cdd-46ff-8d2d-e4cff5345a01.png\",\"width\":1344,\"height\":896,\"caption\":\"Phishing email impersonating income tax luring users to download malware\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/2023\\\/03\\\/threat-actors-targeting-indian-citizens\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Threat actors targeting Indian citizens\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/\",\"name\":\"DNS Security &amp; Threat Intelligence Blog | Shreshta\",\"description\":\"DNS Security &amp; Threat Intelligence\",\"publisher\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/#organization\",\"name\":\"Shreshta IT Technologies Pvt. Ltd.\",\"alternateName\":\"Shreshta\",\"url\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/Shreshta.svg\",\"contentUrl\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/03\\\/Shreshta.svg\",\"width\":330,\"height\":76,\"caption\":\"Shreshta IT Technologies Pvt. Ltd.\"},\"image\":{\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/shreshtait\",\"https:\\\/\\\/infosec.exchange\\\/@shreshta\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/shreshta\\\/\"],\"description\":\"DNS security and threat intelligence company providing real-time threat protection for organizations worldwide. Our solutions include DNS Shield (Protective DNS), DNS Watchtower (Passive DNS), and comprehensive threat intelligence feeds. Trusted by enterprises to detect, prevent, and investigate cyber threats at the DNS layer.\",\"email\":\"sales@shreshtait.com\",\"legalName\":\"Shreshta IT Technologies Pvt. Ltd.\",\"foundingDate\":\"2014-01-22\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"11\",\"maxValue\":\"50\"},\"publishingPrinciples\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/blog\\\/\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/#\\\/schema\\\/person\\\/675cf497a40c89e71d50bbac3e1288b6\",\"name\":\"Pranay Patil\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/Screenshot-2023-01-27-at-11.09.13-PM.png\",\"url\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/Screenshot-2023-01-27-at-11.09.13-PM.png\",\"contentUrl\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/Screenshot-2023-01-27-at-11.09.13-PM.png\",\"caption\":\"Pranay Patil\"},\"sameAs\":[\"https:\\\/\\\/shreshtait.com\\\/blog\"],\"url\":\"https:\\\/\\\/shreshtait.com\\\/blog\\\/author\\\/pranay\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Threat actors targeting Indian citizens","description":"Security researchers at\u00a0Shreshta have identified threat actors targeting Indian citizens with a phishing email","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/shreshtait.com\/blog\/2023\/03\/threat-actors-targeting-indian-citizens\/","og_locale":"en_US","og_type":"article","og_title":"Threat actors targeting Indian citizens","og_description":"Security researchers at\u00a0Shreshta have identified threat actors targeting Indian citizens with a phishing email","og_url":"https:\/\/shreshtait.com\/blog\/2023\/03\/threat-actors-targeting-indian-citizens\/","og_site_name":"DNS Security &amp; Threat Intelligence Blog | Shreshta","article_published_time":"2023-03-21T14:02:33+00:00","article_modified_time":"2025-09-30T06:38:15+00:00","og_image":[{"width":1344,"height":896,"url":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2023\/03\/pswapneel_illustration_of_a_phishing_email_which_lures_users_to_787ad0ed-3cdd-46ff-8d2d-e4cff5345a01.png","type":"image\/png"}],"author":"Pranay Patil","twitter_card":"summary_large_image","twitter_creator":"@shreshtait","twitter_site":"@shreshtait","twitter_misc":{"Written by":"Pranay Patil","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/shreshtait.com\/blog\/2023\/03\/threat-actors-targeting-indian-citizens\/#article","isPartOf":{"@id":"https:\/\/shreshtait.com\/blog\/2023\/03\/threat-actors-targeting-indian-citizens\/"},"author":{"name":"Pranay Patil","@id":"https:\/\/shreshtait.com\/blog\/#\/schema\/person\/675cf497a40c89e71d50bbac3e1288b6"},"headline":"Threat actors targeting Indian citizens","datePublished":"2023-03-21T14:02:33+00:00","dateModified":"2025-09-30T06:38:15+00:00","mainEntityOfPage":{"@id":"https:\/\/shreshtait.com\/blog\/2023\/03\/threat-actors-targeting-indian-citizens\/"},"wordCount":379,"publisher":{"@id":"https:\/\/shreshtait.com\/blog\/#organization"},"image":{"@id":"https:\/\/shreshtait.com\/blog\/2023\/03\/threat-actors-targeting-indian-citizens\/#primaryimage"},"thumbnailUrl":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2023\/03\/pswapneel_illustration_of_a_phishing_email_which_lures_users_to_787ad0ed-3cdd-46ff-8d2d-e4cff5345a01.png","keywords":["dns","domain name","india","malware","phishing","threat intelligence"],"articleSection":["Threat Intelligence"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/shreshtait.com\/blog\/2023\/03\/threat-actors-targeting-indian-citizens\/","url":"https:\/\/shreshtait.com\/blog\/2023\/03\/threat-actors-targeting-indian-citizens\/","name":"Threat actors targeting Indian citizens","isPartOf":{"@id":"https:\/\/shreshtait.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/shreshtait.com\/blog\/2023\/03\/threat-actors-targeting-indian-citizens\/#primaryimage"},"image":{"@id":"https:\/\/shreshtait.com\/blog\/2023\/03\/threat-actors-targeting-indian-citizens\/#primaryimage"},"thumbnailUrl":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2023\/03\/pswapneel_illustration_of_a_phishing_email_which_lures_users_to_787ad0ed-3cdd-46ff-8d2d-e4cff5345a01.png","datePublished":"2023-03-21T14:02:33+00:00","dateModified":"2025-09-30T06:38:15+00:00","description":"Security researchers at\u00a0Shreshta have identified threat actors targeting Indian citizens with a phishing email","breadcrumb":{"@id":"https:\/\/shreshtait.com\/blog\/2023\/03\/threat-actors-targeting-indian-citizens\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/shreshtait.com\/blog\/2023\/03\/threat-actors-targeting-indian-citizens\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/shreshtait.com\/blog\/2023\/03\/threat-actors-targeting-indian-citizens\/#primaryimage","url":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2023\/03\/pswapneel_illustration_of_a_phishing_email_which_lures_users_to_787ad0ed-3cdd-46ff-8d2d-e4cff5345a01.png","contentUrl":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2023\/03\/pswapneel_illustration_of_a_phishing_email_which_lures_users_to_787ad0ed-3cdd-46ff-8d2d-e4cff5345a01.png","width":1344,"height":896,"caption":"Phishing email impersonating income tax luring users to download malware"},{"@type":"BreadcrumbList","@id":"https:\/\/shreshtait.com\/blog\/2023\/03\/threat-actors-targeting-indian-citizens\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/shreshtait.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Threat actors targeting Indian citizens"}]},{"@type":"WebSite","@id":"https:\/\/shreshtait.com\/blog\/#website","url":"https:\/\/shreshtait.com\/blog\/","name":"DNS Security &amp; Threat Intelligence Blog | Shreshta","description":"DNS Security &amp; Threat Intelligence","publisher":{"@id":"https:\/\/shreshtait.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/shreshtait.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/shreshtait.com\/blog\/#organization","name":"Shreshta IT Technologies Pvt. Ltd.","alternateName":"Shreshta","url":"https:\/\/shreshtait.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/shreshtait.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2023\/03\/Shreshta.svg","contentUrl":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2023\/03\/Shreshta.svg","width":330,"height":76,"caption":"Shreshta IT Technologies Pvt. Ltd."},"image":{"@id":"https:\/\/shreshtait.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/shreshtait","https:\/\/infosec.exchange\/@shreshta","https:\/\/www.linkedin.com\/company\/shreshta\/"],"description":"DNS security and threat intelligence company providing real-time threat protection for organizations worldwide. Our solutions include DNS Shield (Protective DNS), DNS Watchtower (Passive DNS), and comprehensive threat intelligence feeds. Trusted by enterprises to detect, prevent, and investigate cyber threats at the DNS layer.","email":"sales@shreshtait.com","legalName":"Shreshta IT Technologies Pvt. Ltd.","foundingDate":"2014-01-22","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"11","maxValue":"50"},"publishingPrinciples":"https:\/\/shreshtait.com\/blog\/blog\/"},{"@type":"Person","@id":"https:\/\/shreshtait.com\/blog\/#\/schema\/person\/675cf497a40c89e71d50bbac3e1288b6","name":"Pranay Patil","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2023\/01\/Screenshot-2023-01-27-at-11.09.13-PM.png","url":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2023\/01\/Screenshot-2023-01-27-at-11.09.13-PM.png","contentUrl":"https:\/\/shreshtait.com\/blog\/wp-content\/uploads\/2023\/01\/Screenshot-2023-01-27-at-11.09.13-PM.png","caption":"Pranay Patil"},"sameAs":["https:\/\/shreshtait.com\/blog"],"url":"https:\/\/shreshtait.com\/blog\/author\/pranay\/"}]}},"_links":{"self":[{"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/posts\/4061","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/comments?post=4061"}],"version-history":[{"count":73,"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/posts\/4061\/revisions"}],"predecessor-version":[{"id":7872,"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/posts\/4061\/revisions\/7872"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/media\/4240"}],"wp:attachment":[{"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/media?parent=4061"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/categories?post=4061"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/shreshtait.com\/blog\/wp-json\/wp\/v2\/tags?post=4061"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}