Tranchulas, a firm based out of Islamabad, was responsible for a major cyber attack against the Indian government and defense computer systems in the last two years. This was brought to light by the U.S.-based security and malware analysis firm, FireEye.
The report was concluded after an investigation that lasted over two years. FireEye says that the attacks were carried out through leased U.S.-based hosting services and are still ongoing. The Indian government has denied these high-level cyber attacks. A government official stated that only sites containing public data were affected and the culprits for that attack weren’t identified.
Tranchulas, the firm accused of carrying out the attack, has close ties to the Pakistani government and has often stated that it is helping the Pakistani government prepare in a cyber war against India.
According to FireEye, the cyber attack was carried out by sending a flood of emails with subject lines that tricked government officials into thinking they were legitimate. ‘Sarabjit Singh’, ‘Devyani Kobragade’, ‘Salary hikes for government employees’ were only some of the subject lines used.
Once the officials opened the emails, the malicious software contained within them infected the government computers and extracted anything of value. FireEye says the software has been active since the first half of 2013 and the code contains the name of a Tranchulas employee, Umair Aziz.
Michael Oppenheim, a threat intelligence analyst at FireEye, said:
“Once we confronted Tranchulas, the malware was modified and all references to the company were removed and replaced with some strings with Cert-In (Indian computer emergency response team) to masquerade themselves and show that the attacks were being carried out by Indian Cert.”
Why did you not get in touch with Tranchulas for their side of the story?
Good Point
They will surely say we never did this :P “Whatever is being done, America is getting it done” .. :)
What a bad thing…LOL…image FireEye has no shame in their eyes that they can’t confront US govt.
the attacks were carried out through leased U.S. based hosting services and are still ongoing…… seriously, who does that with a leased software ????
I think that is just a way of saying they used VPS or cloud providers based in US. Not software.
Seems like shameless self promotion story from Tranchulas.
Either Tranchulas is immature or amateur… fundamental mistakes.. or a cheap publicity stunt by Tranchulas and this scribe!