24 June 2016

Pakistan Resumes Cyber-Espionage Operations Against India

Catalin Cimpanu
June 6, 2016

FireEye security researchers have discovered a new wave of attacks against Indian government officials, yet again linked to Pakistan, just like Operation Transparent Tribe in February and Operation C-Major in March.

The security firm reports that, starting May 18, Indian officials have been receiving a wave of spear-phishing emails masked as news items from a Times of India look-alike domain.

The emails either contained malicious file attachments or included a link redirecting users to a domain where a drive-by download attack would silently download malware onto the user’s computer.

If the users received a malicious attachment instead of a link, then the file would be a Microsoft Office document that exploited the CVE-2012-0158 vulnerability to install malware.

APT group used a new RAT called BreachRAT

FireEye says the group used a new Remote Access Trojan, which the company named BreachRAT. Previously, the organization had used the njRAT, DarkComet, and MSIL/Crimson RATs.


Once infected, the trojan would allow the attackers to take snapshots of the user’s desktop and log keystrokes.

This data would then be transferred to a C&C server that was previously used in other operations against the Indian government and that was tied to persons living in Pakistan.

Does it surprise anyone that Pakistan is spying on India?

FireEye says that this campaign targeted random officials in the Indian government. Previously, the Pakistani-linked APT had targeted Indian embassies in Kazakhstan and Saudi Arabia, along with Indian military officials.

Besides the Pakistani APT, Symantec also reported on the Chinese-linked Suckfly group, which targeted Indian private businesses.

India, which is one of the world’s biggest economies, has an important role to play in geopolitics, so it is no surprise that various groups target its infrastructure. Nevertheless, its relationship with Pakistan is more complicated due to the numerous border wars in which the two countries have been engaged.

“It comes as no surprise that cyber attacks against the Indian government continue, given the historically tense relations in the region,” FireEye’s Yin Hong Chang and Sudeep Singh concluded in their report.
