Tranchulas, a firm based out of Islamabad, was responsible for a major cyber attack against the Indian government and defense computer systems in the last two years. This was brought to light by the U.S.-based security and malware analysis firm, FireEye.
The report was concluded after an investigation that lasted over two years. FireEye says that the attacks were carried out through leased U.S.-based hosting services and are still ongoing. The Indian government has denied these high-level cyber attacks. A government official stated that only sites containing public data were affected and the culprits for that attack weren’t identified.
Tranchulas, the firm accused of carrying out the attack, has close ties to the Pakistani government and has often stated that it is helping the Pakistani government prepare in a cyber war against India.
According to FireEye, the cyber attack was carried out by sending a flood of emails with subject lines that tricked government officials into thinking they were legitimate. ‘Sarabjit Singh’, ‘Devyani Kobragade’ and ‘Salary hikes for government employees’ were only some of the subject lines used.
Once the officials opened the emails, the malicious software contained within them infected the government computers and extracted anything of value. FireEye says the software has been active since the first half of 2013 and the code contains the name of a Tranchulas employee, Umair Aziz.
Michael Oppenheim, a threat intelligence analyst at FireEye, said:
Once we confronted Tranchulas, the malware was modified and all references to the company were removed and replaced with some strings with Cert-In (Indian computer emergency response team) to masquerade themselves and show that the attacks were being carried out by Indian Cert.