The attackers used decoy documents related to security issues in South Asia. Source: Shutterstock/Gil C

Indian and Pakistani security agencies struck by malware attacks – report

By | 29 August, 2017

FOR nearly a year, Indian and Pakistani security agencies have been hit by a sustaining cyber spyware attack by another country,  cyber security company Symantec said.

Symantec revealed its cyber intelligence report to clients in July, saying the threat against the two countries appear to be a state-sponsored attack dating back to October 2016,  India.com reported on Tuesday.

However, the company did not reveal which country was behind the online espionage effort against affecting agencies involved in regional security issues.

SEE ALSO: India widens crackdown on Chinese tech companies amid standoff

According to Reuters, the campaign appeared to be the work of several groups, but tactics and techniques used suggest the groups were operating with “similar goals or under the same sponsor”, probably a nation state.

The detailed intelligence report on the cyber spying comes amid heightened tensions in the South Asian region.

Following a face-off with China in Bhutan near their disputed frontier, India’s military has raised operational readiness along its border.  Tensions are also simmering between India and Pakistan over the disputed Kashmir region.

Symantec does not comment publicly on the malware analysis, investigations and incident response services it provides clients, a spokesman said as quoted by Reuters.

While the cyber security company did not reveal the likely state-sponsor of the attack, it said governments and militaries with operations in South Asia and interests in regional security issues would likely be at risk from the malware. The malware utilizes the so-called “Ehdoor” backdoor to access files on computers.

“There was a similar campaign that targeted Qatar using programs called Spynote and Revokery,” said a security expert, who requested anonymity.

“They were backdoors just like Ehdoor, which is a targeted effort for South Asia.”

To install the malware, Symantec found, the attackers used decoy documents related to security issues in South Asia. The documents included reports from Reuters, Zee News, and the Hindu, and were related to military issues, Kashmir, and an Indian secessionist movement.

The malware allows spies to upload and download files, carry out processes, log keystrokes, identify the target’s location, steal personal data, and take screenshots, Symantec said.

SEE ALSO: Failure of the imagination: Malwarebytes on WannaCry and future of cybersecurity

The company said the malware was also being used to target Android devices.

India in February established a center to help companies and individuals detect and remove malware, in response to frequent cyber-security incidents. The center is operated by the Indian Computer Emergency Response Team (CERT-In).

CERT-In director-general Gulshan Rai declined to comment specifically on the attack cited in the Symantec report, but added: “We took prompt action when we discovered a backdoor last October after a group in Singapore alerted us.” He did not elaborate.

Symantec’s report said an investigation into the backdoor showed it was constantly being modified to provide “additional capabilities” for spying operations.

A senior official with Pakistan’s Federal Investigation Agency said it had not received any reports of malware incidents from government information technology departments. He asked not to be named due to the sensitivity of the matter.

Additional reporting by Reuters



READ MORE