SideCopy is a threat actor attributed to PK, also known as Mocking Draco, G1008, UNC2269. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does SideCopy exploit?

SideCopy is known to exploit 1 CVEs. View the full list on the Strobes VI threat actor profile page.

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

SideCopy

Also known as: Mocking Draco, G1008, UNC2269, TAG-140, White Dev 55

PKInformation theft and espionage

Exploited CVEs

Overview

The SideCopy APT is a Pakistani threat actor that has been operating since at least 2019, mainly targeting South Asian countries and more specifically India and Afghanistan. Its name comes from its infection chain that tries to mimic that of the SideWinder APT. It has been reported that this actor has similarities with Transparent Tribe (APT36) and possibly is a subdivision of this actor. Cisco Talos and Seqrite have provided comprehensive reports on this actor’s activities.

Exploited Vulnerabilities

CVE ID	Action
CVE-2017-0199	View Details