New Delhi: Cisco Talos - the threat intelligence unit of Cisco - on Thursday said it has recently discovered a cyber attack campaign that targets government employees and military personnel in India.

Cisco Talos has published its findings in a blog post, outlining how ''Armor Piercer'' distributes malicious documents to deliver Remote Access Trojans (RATs) and gain access to highly confidential information related to government and defence agencies.

"The lures used in this campaign are predominantly around operational documents pertaining to ''Kavach'', a two-factor authentication (2FA) app operated by India's National Informatics Centre (NIC) and used by government employees to access their emails," it added.

Cisco Talos said the earliest instance of this campaign was observed in December 2020, utilising malicious MS Office documents, known as maldocs, disguised as security advisories, meeting schedules, software installation guides, etc.

It added that the campaign was found to be using multiple techniques and evolved to obfuscate itself and remain in the victim's environment, evading standard detection techniques.

The blog noted that the campaign has been ongoing since the end of 2020 and continues to operate today.

Cisco Director Security Business (India and SAARC) Vishak Raman said operation Armor Piercer is a grim reminder of the vulnerabilities still existing in the cybersecurity posture.

"To ensure end-to-end security of India's most precious assets and information, government and defence agencies must implement a layered defence strategy that enables comprehensive visibility and coverage across all endpoints, accelerates response by leveraging automation and orchestration to enrich data, and reduces massive data sets into actionable insights through AI/ML and data analytics," he added.

Essentially, security must not be bolted on, rather built into every system and process to ensure infallible protection of people and assets, he emphasised.