securityonline.info 7/1/2026, 9:22:35 AM · external

Operation DragonReturn hits Indian finance via fake tax emails

Operation DragonReturn hits Indian finance via fake tax emails
CyberSIXT Evidence Panel
Primary Source seqrite.com

OPERATION DragonReturn is a cyber espionage campaign targeting Indian taxpayers and finance professionals, discovered in May 2026 by Seqrite Lab. Attackers use phishing emails impersonating the Income Tax Department to deliver malware via a fake tax notification. The malware employs tactics such as DLL sideloading and remote access trojans (specifically, DcRAT) to exfiltrate sensitive financial data, while remaining undetected by antivirus software.

The campaign is attributed to a suspected threat cluster linked to China, although definitive state attribution is complex. Organizations are urged to enhance security measures, including vigilant email filtering and updating endpoint security tools.

View Primary Source Via securityonline.info

Article by CyberSIXT