Fake Bonus Emails, Real Espionage: Seqrite Identifies Operation DupeHike Attack Chain
January 20, 2026
Pune, 20th January 2026: Seqrite, the enterprise security arm of Quick Heal Technologies Limited, a global provider of cybersecurity solutions, has recently uncovered a sophisticated cyber-espionage campaign. Dubbed Operation DupeHike, the campaign targets Russian corporate entities, specifically HR, payroll, and internal administrative departments. Criminals behind this attack, tracked as the UNG0902 group, send zip files named “Bonus 2025” with a shortcut that looks like a normal PDF about yearly bonuses, but clicking it quietly pulls in harmful software to spy on and control victims’ machines.
The scam starts with what seems like a regular company email about bonuses, set at 15% of salary based on performance and rules, making it easy to fool office staff who get these updates often. When opened, the shortcut quietly runs PowerShell, a built-in Windows tool, to grab the first piece of malware from a bad server. The APT research team at Seqrite Labs, India’s largest malware analysis facility, detected the campaign on 21 November 2025. The team also found the bad servers linked to Russian hosting firms. The attackers first used open web ports but switched to secure ones to stay hidden, showing they’re quick to change tactics as they’re being watched. This multi-step trick – fake file, hidden download, code injection, and remote spying – relies on trusted HR lures to slip past basic defences.
These attacks hit hard because they prey on everyday work emails, especially in HR and payroll, where money and personal info reside. Researchers at Seqrite Labs warn that no company is safe, calling for simple steps like teaching staff to double-check surprise attachments, use two-factor logins, and limit what regular users can access, turning potential weak spots into strong defences. Deploying tools that flag odd PowerShell activity or unsigned code is also recommended.
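As an added illustration (not Seqrite's code or detection logic), a mail-gateway style check for the lure described above: a ZIP attachment carrying a Windows shortcut dressed up as a document. The double-extension file name, the list of decoy extensions and the sample archive are assumptions constructed for this example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Shell Link (.lnk) header: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}  # assumed decoy types
MAX_READ = 64 * 1024  # cap per-entry reads so a zip bomb cannot exhaust memory


def scan_zip(data: bytes) -> list[dict]:
    """Return one finding per Windows shortcut inside a ZIP attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            encrypted = bool(info.flag_bits & 0x1)
            body = b""
            if not encrypted:  # encrypted entries are judged by name only
                with zf.open(info) as fh:
                    body = fh.read(MAX_READ)
            named_lnk = bool(suffixes) and suffixes[-1] == ".lnk"
            if not (named_lnk or body.startswith(LNK_MAGIC)):
                continue
            lowered = body.lower()
            findings.append({
                "name": info.filename,
                "decoy_extension": any(s in DECOY_EXTS for s in suffixes[:-1]),
                "mentions_powershell": b"powershell" in lowered
                or "powershell".encode("utf-16-le") in lowered,
                "encrypted": encrypted,
            })
    return findings


def build_sample() -> bytes:
    """Constructed archive: an inert LNK stub plus a harmless text file."""
    stub = LNK_MAGIC + b"\x00" * 56 + "powershell.exe".encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Bonus 2025.pdf.lnk", stub)
        zf.writestr("policy.txt", "Constructed sample text")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip(build_sample()):
        print(finding)
```

A shortcut inside an emailed archive is rarely legitimate, so any finding is a reasonable quarantine trigger; the decoy-extension and PowerShell flags help prioritise review.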
In response to this campaign, Seqrite has already deployed complete protection across its products. All components of this threat are now actively blocked, ensuring customers remain secure. Enterprises are urged to instruct their employees to never open unexpected files, even from “HR”, and confirm them by phone or official channels first. Seqrite continues to track Operation DupeHike and will disseminate updated indicators of compromise to enterprise customers and law enforcement partners to disrupt attacker infrastructure and strengthen corporate networks.
About Seqrite
Seqrite is a leading enterprise cybersecurity solutions provider. With a focus on simplifying cybersecurity, Seqrite delivers comprehensive solutions and services through our patented, AI/ML-powered tech stack to protect businesses against the latest threats by securing devices, applications, networks, cloud, data, and identity. Seqrite is the Enterprise arm of the global cybersecurity brand, Quick Heal Technologies Limited, the only listed cybersecurity products and solutions company in India.
We are the first and only Indian company to have solidified India’s position on the global map by collaborating with the Govt. of the USA on its NIST NCCoE’s Data Classification project. We are differentiated by our easy-to-deploy, seamless-to-integrate comprehensive solutions providing the highest level of protection against emerging and sophisticated threats powered by state-of-the-art threat intelligence and playbooks backed by world-class service provided by best-in-class security experts at India’s largest malware analysis lab – Seqrite Labs. We are the only Indian full-stack company aligned with CSMA architecture recommendations, offering award-winning Endpoint Protection, Enterprise Mobile Device Management, Data Privacy, Zero Trust Network Access, and many more. Seqrite Data Privacy Management solution enables organizations to stay fully compliant with the DPDP Act and global regulations. We have recently launched Digital Risk Protection Services for external threat monitoring and Ransomware Recovery as a Service for rapid, guided restoration after ransomware attacks. Seqrite has also unveiled SIA, an LLM-powered security co-pilot built on GoDeep.AI to help enterprises navigate growing cyber complexity with intelligent, conversational analysis.
Today, 30,000+ enterprises in more than 70 countries trust Seqrite with their cybersecurity needs. For more information, please visit: https://bit.ly/42E5BCJ
About Quick Heal Technologies Limited
Quick Heal Technologies Ltd. is a global cybersecurity solutions provider. Each Quick Heal product is designed to simplify IT security management across the length and depth of devices and on multiple platforms. They are customized to suit consumers, small businesses, government establishments, and corporate houses. Over a span of nearly 3 decades, the company’s R&D has focused on computer and network security solutions.
The current portfolio of cloud-based security and advanced machine learning-enabled solutions stops threats, attacks, and malicious traffic before they strike. This considerably reduces the system resource usage. The security solutions are indigenously developed in India. Quick Heal Antivirus Solutions, Quick Heal Scan Engine, and the entire range of Quick Heal products are proprietary items of Quick Heal Technologies Ltd. Quick Heal recently unveiled AntiFraud.AI, India’s first fraud prevention solution, available for Android, iOS and Windows.
For more information, please visit: https://smler.in/UxSeS3n
AntiFraud.AI – https://smler.in/Wd-ZUxD