{"id":41497,"date":"2015-03-11T14:21:49","date_gmt":"2015-03-11T21:21:49","guid":{"rendered":"https:\/\/blogs.mcafee.com\/?p=41497"},"modified":"2025-06-06T01:17:34","modified_gmt":"2025-06-06T08:17:34","slug":"targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/","title":{"rendered":"Attacks On Indian Organizations Continue &#8211; More Exploits Focused On Events"},"content":{"rendered":"<p>In November last year, McAfee Labs researchers reported about Operation Mangal, an ongoing targeted attack campaign against several Indian domestic and overseas organizations. We have actively tracked the campaign since last year. In our previous analysis\u00a0of this attack, we uncovered several exploits that were closely connected to India\u2019s developmental agenda. These exploits lure victims into opening malicious documents that compromise their machines and steal confidential data. We found that this targeted campaign has been going on since 2010 with periodic variations in the malware families.<\/p>\n<p>The recently appointed government and heightened activity on the domestic front has led to considerable interest from organizations and consumers. Since January this year, we have seen a steady flow of similar exploits as part of this campaign. These exploits continue to closely follow national events.<\/p>\n<h2>Following are some recent exploit filenames or themes:<\/h2>\n<ul>\n<li>Indian Diplomacy At Work&#8211;UNSC Reforms.doc (MD5: faa97d7c792e3d8e7fffa9ea755c8efb; first seen: Oct 31, 2014).<\/li>\n<li>Vibrant Gujarat Summit 2015.doc (MD5: b44a0ebddabee48c1d18f1e24780084b; first seen: Jan\u00a0 6).<\/li>\n<li>U.S.,_India_to_formulate_smart_city_action_plans_in_three_months.doc (MD5: b0ae36bcf725d53ed73126ed56e55951; first seen: Jan 28).<\/li>\n<\/ul>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image_111.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-41528\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image_111.png\" alt=\"image_11\" width=\"978\" height=\"570\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_111.png 978w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_111-300x175.png 300w\" sizes=\"auto, (max-width: 978px) 100vw, 978px\" \/><\/a><\/p>\n<p>During late 2014 and early 2015, the attackers modified the shellcode and the dropped malware family, continuously changing their tools and techniques. Some of the recent exploits involved in this campaign drop PlugX malware. The following images show how the shellcode has been modified between exploits observed on January 6 (at left) and January 28 (at right).<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image_12.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-41531\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image_12.png\" alt=\"image_12\" width=\"1005\" height=\"557\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_12.png 1005w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_12-300x166.png 300w\" sizes=\"auto, (max-width: 1005px) 100vw, 1005px\" \/><\/a>While researching this campaign, we gained access to one interim control server, which appears to be the short-term registration server that the compromised host communicates with after decoding the first-stage URL. The directory structure of the control server is:<\/p>\n<p><strong><span style=\"color: #000000;\">\/cms:\u00a0<\/span><\/strong><\/p>\n<p>This directory holds all the client data in JavaScript Object Notation from compromised machines connected to this server. The following image shows the directory structure and the information stored in the file:<\/p>\n<p>Filename: h_HOST-NAME_TIMEVAR_t. All the machine information (IP, MAC, OS type, hostname, OS version, infection time stamp, etc.) was recorded on the remote server with this filename.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image_13.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-41535\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image_13.png\" alt=\"image_13\" width=\"705\" height=\"165\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_13.png 684w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_13-300x70.png 300w\" sizes=\"auto, (max-width: 705px) 100vw, 705px\" \/><\/a>Next we see how the machine information looks on the control server, highlighting the infection time stamp from late last year:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image11.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-41538\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image11.png\" alt=\"image1\" width=\"1405\" height=\"272\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image11.png 1405w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image11-300x58.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image11-1024x198.png 1024w\" sizes=\"auto, (max-width: 1405px) 100vw, 1405px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image21.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-41537\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image21.png\" alt=\"image2\" width=\"1571\" height=\"225\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image21.png 1571w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image21-300x43.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image21-1024x147.png 1024w\" sizes=\"auto, (max-width: 1571px) 100vw, 1571px\" \/><\/a>Filename: r_off_PCNAME_TIME_TIME_t. This holds base-64-encoded data for command-line outputs that ran on\u00a0the compromised host.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image_14.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-41542\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image_14.png\" alt=\"image_14\" width=\"711\" height=\"150\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_14.png 711w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_14-300x63.png 300w\" sizes=\"auto, (max-width: 711px) 100vw, 711px\" \/><\/a>Decoding this data reveals the command executed on the compromised host and also exposes the list of documents and files on the machine that could have been stolen.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-41547\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image3.png\" alt=\"image3\" width=\"1316\" height=\"618\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image3.png 1316w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image3-300x141.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image3-1024x481.png 1024w\" sizes=\"auto, (max-width: 1316px) 100vw, 1316px\" \/><\/a><\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image4.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-41548\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image4.png\" alt=\"image4\" width=\"1150\" height=\"624\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image4.png 1150w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image4-300x163.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image4-1024x556.png 1024w\" sizes=\"auto, (max-width: 1150px) 100vw, 1150px\" \/><\/a><\/p>\n<p>Filename: c_HOSTNAME_TIME_t. This file holds an encoded WMI script or script variables in the following form:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image_15.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-41552\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image_15.png\" alt=\"image_15\" width=\"711\" height=\"150\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_15.png 711w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_15-300x63.png 300w\" sizes=\"auto, (max-width: 711px) 100vw, 711px\" \/><\/a><\/p>\n<p>which\u00a0turns out to be a readable WMI script when decoded:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image16.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-41553\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image16.png\" alt=\"image16\" width=\"712\" height=\"202\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image16.png 656w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image16-300x85.png 300w\" sizes=\"auto, (max-width: 712px) 100vw, 712px\" \/><\/a><\/p>\n<p>Filename: d_rdown_HOSTNAME_TIME_t. This file is uploaded from the compromised host to the control server.<\/p>\n<p>Filename: rdown_HOSTNAME_TIME_t. This file is downloaded from the control server to the compromised machine. It could contain postexploitation tools to run on the host.<\/p>\n<p><strong>\/tools:<\/strong><\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image_17.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-41555\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image_17.png\" alt=\"image_17\" width=\"552\" height=\"159\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_17.png 656w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_17-300x86.png 300w\" sizes=\"auto, (max-width: 552px) 100vw, 552px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>The tools directory hosts several postexploitation tools and malware to be downloaded from the control server to run on compromised machines. We found malicious DLLs, rootkits, encoded JavaScript malware, and cab files. One of the WMI scripts is an installer for other malware:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image_18.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-41562\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image_18.png\" alt=\"image_18\" width=\"945\" height=\"520\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_18.png 945w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_18-300x165.png 300w\" sizes=\"auto, (max-width: 945px) 100vw, 945px\" \/><\/a>We have tracked down the location of many of this campaign&#8217;s control servers, primarily in the United States and China. More than 60% of the servers were hosted in the United States and more than 20% were hosted in China.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image_19.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-41566\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image_19.png\" alt=\"image_19\" width=\"702\" height=\"318\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_19.png 702w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_19-300x136.png 300w\" sizes=\"auto, (max-width: 702px) 100vw, 702px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/products\/advanced-threat-defense.html\" target=\"_blank\" rel=\"noopener noreferrer\">McAfee Advanced Threat Defense<\/a><\/strong><\/p>\n<p><a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/products\/advanced-threat-defense.html\" target=\"_blank\" rel=\"noopener noreferrer\">McAfee Advance Threat Defense<\/a> provides coverage for all of these exploits as well as for the dropped files involved in this attack.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image_21.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-41779\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/image_21.png\" alt=\"image_21\" width=\"1280\" height=\"261\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_21.png 1280w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_21-300x61.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/image_21-1024x209.png 1024w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>Attackers are continuously on the lookout for social engineering opportunities. Influencing targeted users to open malicious documents following national events is one the most effective and effortless ways of performing these attacks. Users need to\u00a0exercise extreme caution when opening documents from unknown sources, and use patched software.<\/p>\n<p>I would like to thank my fellow researcher Brad Arndt for assistance in researching and tracking this campaign.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In November last year, McAfee Labs researchers reported about Operation Mangal, an ongoing targeted attack campaign against several Indian domestic&#8230;<\/p>\n","protected":false},"author":1088,"featured_media":102265,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[1411,180],"coauthors":[786],"class_list":["post-41497","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mcafee-labs","tag-advanced-persistent-threats","tag-malware"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Attacks On Indian Organizations Continue - More Exploits Focused On Events | McAfee Blog<\/title>\n<meta name=\"description\" content=\"In November last year, McAfee Labs researchers reported about Operation Mangal, an ongoing targeted attack campaign against several Indian domestic and\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Attacks On Indian Organizations Continue - More Exploits Focused On Events | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"In November last year, McAfee Labs researchers reported about Operation Mangal, an ongoing targeted attack campaign against several Indian domestic and\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2015-03-11T21:21:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-06T08:17:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Glass-focused-on-virus-in-digital-code-illustration-659x500-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"659\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Chintan Shah\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chintan Shah\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/\"},\"author\":{\"name\":\"Chintan Shah\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/48a67aca4e443a833854424927b55569\"},\"headline\":\"Attacks On Indian Organizations Continue &#8211; More Exploits Focused On Events\",\"datePublished\":\"2015-03-11T21:21:49+00:00\",\"dateModified\":\"2025-06-06T08:17:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/\"},\"wordCount\":692,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Glass-focused-on-virus-in-digital-code-illustration-659x500-1.jpg\",\"keywords\":[\"advanced persistent threats\",\"malware\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/\",\"name\":\"Attacks On Indian Organizations Continue - More Exploits Focused On Events | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Glass-focused-on-virus-in-digital-code-illustration-659x500-1.jpg\",\"datePublished\":\"2015-03-11T21:21:49+00:00\",\"dateModified\":\"2025-06-06T08:17:34+00:00\",\"description\":\"In November last year, McAfee Labs researchers reported about Operation Mangal, an ongoing targeted attack campaign against several Indian domestic and\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Glass-focused-on-virus-in-digital-code-illustration-659x500-1.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Glass-focused-on-virus-in-digital-code-illustration-659x500-1.jpg\",\"width\":659,\"height\":500,\"caption\":\"virus scan\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Attacks On Indian Organizations Continue &#8211; More Exploits Focused On Events\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/48a67aca4e443a833854424927b55569\",\"name\":\"Chintan Shah\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/4bd41c8738b3a7e04f993101170b3377\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/09\/Chintan-Shah-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/09\/Chintan-Shah-96x96.jpg\",\"caption\":\"Chintan Shah\"},\"description\":\"Chintan Shah is currently working as a Security Researcher with McAfee Intrusion Prevention System team and holds broad experience in the network security industry. He primarily focuses on Exploit and vulnerability research, building Threat Intelligence frameworks, Reverse engineering techniques and malware analysis. Chintan had researched and uncovered multiple targeted and espionage attacks in the past blogging about them. His interests lies in software fuzzing for vulnerability discovery, analyzing exploits, malwares and translating to product improvement.\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/chintan-shah\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Attacks On Indian Organizations Continue - More Exploits Focused On Events | McAfee Blog","description":"In November last year, McAfee Labs researchers reported about Operation Mangal, an ongoing targeted attack campaign against several Indian domestic and","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Attacks On Indian Organizations Continue - More Exploits Focused On Events | McAfee Blog","og_description":"In November last year, McAfee Labs researchers reported about Operation Mangal, an ongoing targeted attack campaign against several Indian domestic and","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2015-03-11T21:21:49+00:00","article_modified_time":"2025-06-06T08:17:34+00:00","og_image":[{"width":659,"height":500,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Glass-focused-on-virus-in-digital-code-illustration-659x500-1.jpg","type":"image\/jpeg"}],"author":"Chintan Shah","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"Chintan Shah","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/"},"author":{"name":"Chintan Shah","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/48a67aca4e443a833854424927b55569"},"headline":"Attacks On Indian Organizations Continue &#8211; More Exploits Focused On Events","datePublished":"2015-03-11T21:21:49+00:00","dateModified":"2025-06-06T08:17:34+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/"},"wordCount":692,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Glass-focused-on-virus-in-digital-code-illustration-659x500-1.jpg","keywords":["advanced persistent threats","malware"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/","name":"Attacks On Indian Organizations Continue - More Exploits Focused On Events | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Glass-focused-on-virus-in-digital-code-illustration-659x500-1.jpg","datePublished":"2015-03-11T21:21:49+00:00","dateModified":"2025-06-06T08:17:34+00:00","description":"In November last year, McAfee Labs researchers reported about Operation Mangal, an ongoing targeted attack campaign against several Indian domestic and","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/#primaryimage","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Glass-focused-on-virus-in-digital-code-illustration-659x500-1.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/06\/Glass-focused-on-virus-in-digital-code-illustration-659x500-1.jpg","width":659,"height":500,"caption":"virus scan"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/targeted-attack-campaign-indian-organizations-continues-exploits-focused-national-events\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Attacks On Indian Organizations Continue &#8211; More Exploits Focused On Events"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/48a67aca4e443a833854424927b55569","name":"Chintan Shah","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/4bd41c8738b3a7e04f993101170b3377","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/09\/Chintan-Shah-96x96.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2019\/09\/Chintan-Shah-96x96.jpg","caption":"Chintan Shah"},"description":"Chintan Shah is currently working as a Security Researcher with McAfee Intrusion Prevention System team and holds broad experience in the network security industry. He primarily focuses on Exploit and vulnerability research, building Threat Intelligence frameworks, Reverse engineering techniques and malware analysis. Chintan had researched and uncovered multiple targeted and espionage attacks in the past blogging about them. His interests lies in software fuzzing for vulnerability discovery, analyzing exploits, malwares and translating to product improvement.","url":"https:\/\/www.mcafee.com\/blogs\/author\/chintan-shah\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/41497","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/1088"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=41497"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/41497\/revisions"}],"predecessor-version":[{"id":215169,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/41497\/revisions\/215169"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/102265"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=41497"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=41497"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=41497"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=41497"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}