Centre urges defense personnel to be vigilant against Pakistani cyberattacks
What's the story
The Indian government has issued a cybersecurity warning that Pakistani cyberattackers are targeting Indian defense personnel using websites registered under the .IN domain. The use of the .IN domain by the attackers to target armed forces is a significant development in the ongoing cyber warfare between the two countries. The .IN domain is India's top country code internet domain, and its use by Pakistani cyberattackers makes it harder to discern the origin of the attack.
Details
The government has listed several suspected sites
The new tactic of using the .IN domain is part of a larger trend of cybercriminals devising new methods to target potential victims. The recent advisory issued by the Indian government lists several websites suspected of being hosted by Pakistani threat actors, which can be used to launch phishing attacks against the armed forces. These sites include coorddesk.in, ksboards.in, coordbranch.in, and ksbpanel.in.
Scenario
Identifying more domains for phishing attack prevention
The Indian government is conducting further research to identify more domains that can be used to launch phishing attacks against the armed forces. According to the advisory, the websites are being hosted "to trap Indian defense personnel." The government's efforts aim to protect defense personnel from falling victim to phishing attacks and malware infections, which could compromise sensitive information and national security.
Insights
Vigilance and precaution against cyber threats
The cybersecurity advisory cautions Indian defense personnel to be vigilant against phishing attacks and malware infections. It recommends blocking URLs of suspected websites, sensitizing all personnel regarding such websites, and downloading applications only from trusted sources. The advisory comes at a time when various branches of the Indian defense, including the Indian Navy, have recently been targeted by threat actors using tactics such as malware disguised as honey trap prevention guidance, and targeting families of personnel to extract sensitive information.