Security software service provider Symantec has unearthed a crafty cyber espionage campaign which placed the security of Indian and Pakistani security establishments at risk in October last year.
The cyber espionage operation used malware that allowed the attackers to determine user locations, take screenshots and steal personal data.
First reported by Reuters, hackers behind the cyber espionage campaign used a malicious 'Ehdoor' backdoor to infiltrate systems and steal sensitive data. According to a security expert contacted by Reuters, the backdoor is very similar to Spynote and Revokery programmes used by hackers who targeted Qatar in the past few months.
According to Symantec, the hackers behind the operation targeted 'governments and militaries with operations in South Asia and interests in regional security issues'. Research conducted by the firm revealed that several groups used the backdoor, but their actions confirmed that they were operating with "similar goals or under the same sponsor", which suggests that the operation was probably sponsored by a nation state.
To gain access to systems, the hackers used fake documents disguised as official reports from established media houses. These documents covered regional security issues as well as secessionist movements. Once users downloaded such documents, they were exposed to the malware, which then gave the hackers access to their systems and personal files.
As reported by Reuters, the malware 'allows spies to upload and download files, carry out processes, log keystrokes, identify the target's location, steal personal data, and take screenshots' as well as target Android devices.
Even though Symantec couldn't trace likely sponsors of the cyber espionage campaign, security firm FireEye has located an IP address in Pakistan which was used to submit the malware to a testing service. FireEye believes that considering heightened geopolitical tensions in the region, elevated levels of cyber espionage activity are to be expected.
Last year, the Indian government set up a dedicated Computer Emergency Response Team (CERT-In) to tackle cyber threats to companies, government departments, and individuals. Gulshan Rai, the director general of CERT-In, told Reuters that the team was alerted by a group in Singapore about a possible backdoor in October last year, following which the team took immediate measures to block it.
This wasn't the first time that hackers used the 'Ehdoor' backdoor to target governments. It was used on multiple occasions last year 'to target government, military and military-affiliated targets in the Middle East and elsewhere'.