State-sponsored cyber espionage campaign against India and Pakistan identified

Security software provider Symantec has unearthed a crafty cyber espionage campaign which put Indian and Pakistani security establishments at risk in October last year.

The cyber espionage operation used malware that allowed hackers to determine user locations, take screenshots and steal personal data.

As first reported by Reuters, the hackers behind the cyber espionage campaign used a malicious 'Ehdoor' backdoor to infiltrate systems and steal sensitive data. According to a security expert contacted by Reuters, the backdoor is very similar to the Spynote and Revokery programmes used by hackers who targeted Qatar in the past few months.

According to Symantec, the hackers behind the operation targeted 'governments and militaries with operations in South Asia and interests in regional security issues'. Research conducted by the firm revealed that several groups used the backdoor, but their actions confirmed that they were operating with 'similar goals or under the same sponsor', which suggests that the operation was probably sponsored by a nation state.

To gain access to systems, the hackers used fake documents disguised as official reports from established media houses. These reports covered regional security issues as well as secessionist movements. Once users downloaded such documents, they were exposed to the malware, which then allowed hackers to gain access to their systems and personal files.

As reported by Reuters, the malware 'allows spies to upload and download files, carry out processes, log keystrokes, identify the target's location, steal personal data, and take screenshots' as well as target Android devices.

Even though Symantec couldn't trace likely sponsors of the cyber espionage campaign, security firm FireEye has located an IP address in Pakistan which was used to submit the malware to a testing service. FireEye believes that considering heightened geopolitical tensions in the region, elevated levels of cyber espionage activity are to be expected.

Last year, the Indian government set up a dedicated Computer Emergency Response Team (CERT-In) to tackle cyber threats to companies, government departments, and individuals. Gulshan Rai, the director general of CERT-In, told Reuters that the team was alerted by a group in Singapore about a possible backdoor in October last year, following which the team took immediate measures to block it.

This wasn't the first time that hackers used the 'Ehdoor' backdoor to target governments. It was used on multiple occasions last year 'to target government, military and military-affiliated targets in the Middle East and elsewhere'.

Copyright Lyonsdown Limited 2020
