Symantec Corp, a digital security company, has found evidence of a cyber-espionage campaign that targeted both Pakistani and Indian security agencies.
According to Symantec’s threat intelligence report, the malware attacks against the two countries have been going on since October 2016. It also said that several groups appear to have been involved.
Even though many groups have been involved, Symantec says they all seem to be working towards the same agenda. It has not ruled out the possibility that the attacks are financed by a single sponsor, possibly a state.
Reuters also reviewed the case but did not name the nation behind it.
Symantec has declined to comment further, saying that it does not release information about the clients it works for, nor about the malware analysis, investigations and incident response services it provides to them.
The timing of this report could not have been worse. Relations between the two neighbouring countries remain sour over the Kashmir issue, and tension has also been brewing between India and China after a face-off in Bhutan, in an area disputed between the two countries.
Symantec did not name who is behind the espionage. What it did say is that the malware poses a real threat to the militaries operating in South Asia.
The attackers have been using a backdoor named “Ehdoor” to steal sensitive documents.
“There was a similar campaign that targeted Qatar using programs called Spynote and Revokery,” said a security expert, who requested anonymity.
“They were backdoors just like Ehdoor, which is a targeted effort for South Asia.”
How Does The Malware Work?
The report says that to get into a system, the attackers have been using bogus articles about security issues in South Asia as lures. The articles are usually disguised as stories from Reuters, Zee News, and The Hindu.
Once installed, the malware allows them to upload and download files, execute processes, log keystrokes, identify the target’s location, steal personal data, and take screenshots.
The same malware is also being used to target Android devices.
After the frequent cyber-attacks, India established a centre to work on defeating this malware. CERT-In, the Indian agency, has not commented specifically on the issue raised by Symantec, but says it was warned about the backdoor by a company in Singapore and has taken measures to protect its systems.
An official from Pakistan’s Federal Investigation Agency said the agency had not received any official report from the government about cyber-attacks.
FireEye, another cyber security company, reported that the malware had been submitted for testing by Pakistan.
“South Asia is a hotbed of geopolitical tensions, and wherever we find heightened tensions we expect to see elevated levels of cyber espionage activity,” said Tim Wellsmore, FireEye’s director of threat intelligence for the Asia Pacific region.