India, Pakistan targeted by a "state-sponsored" cyber attack: Symantec
At a time when India is embroiled in conflicts with Pakistan, security firm Symantec discovered a cyber-attack against India and Pakistan that is likely "state-sponsored". A threat intelligence report by the cyber-security organization identified a "sustained cyber espionage campaign" that targeted regional security entities in India and Pakistan. Symantec noted the online spying campaign dates back to October 2016.
Symantec did not name the attacker in report
In a report sent to its clients in July, Symantec said the cyber espionage effort appeared to be the work of several groups. It stated that the techniques and tactics they used suggest they operate under the same sponsor with similar goals. It added that the sponsor could be a nation state; a Symantec spokesperson declined to comment on the malware analysis and investigations.
Security agencies in South Asia at risk
While Symantec chose not to identify the cyber-attack's sponsor, it warned that militaries and governments operating in South Asia with interests in regional security would be at risk from this spyware. The spying malware uses the "Ehdoor" backdoor to access files on infected computers. A security expert said a similar online spying campaign using Ehdoor-like backdoors, Spynote and Revokery, had earlier targeted Qatar.
Indian, Pakistani entities lured with security issues-related documents
Attackers lure people into installing the malware by using decoy documents about Kashmir, military issues, and the Indian secessionist movement. Such documents include reports from Reuters, Zee News, and The Hindu. Using the spyware, which also targets Android devices, attackers can upload and download files, start processes, steal data, log keystrokes, take screenshots, and more. The backdoor is being continuously modified to improve its spying capabilities.
India declines to comment on malware attack
Director General of the Indian Computer Emergency Response Team (CERT-In), Gulshan Rai, reportedly declined to comment on the cyber-attack mentioned in Symantec's report. He did, however, say they took "prompt action" after discovering a backdoor in October 2016, when a Singapore-based group alerted CERT-In. In February 2017, CERT-In launched "Cyber Swachhta Kendra" in response to frequent cyber-security incidents; it helps individuals and companies detect and remove malware.
Pakistan denies malware incidents
A senior Pakistan Federal Investigation Agency official stated they had not received reports of any malware incidents from their information technology departments. Cyber-security company FireEye's spokesman, however, said a Pakistani Internet Protocol address submitted the malware that uses Ehdoor to a testing service.
South Asia, a hotbed of geopolitical tensions: FireEye's Tim Wellsmore
Symantec said Ehdoor was used in 2016 to target governments and militaries in the Middle East, India, and Pakistan, among others. Security experts say these campaigns are "a targeted effort for South Asia." FireEye's Director of Asia-Pacific Threat Intelligence, Tim Wellsmore, said, "South Asia is a hotbed of geopolitical tensions, and wherever we find heightened tensions we expect to see elevated levels of cyber espionage activity."