Indian Group Behind Hacking of Pakistani Government Institutions Discovered

An Indian hacking group is involved in attacking government websites in Pakistan.

According to the advisory issued by the National Telecommunication and Information Security Board (NTISB), the SideWinder group illegally uses Pakistani government identities to gain access to legitimate mailing systems of various departments in Pakistan.

The advisory said that the group tried to steal sensitive information from Pakistani users by infiltrating the systems of NADRA, the Pakistan Air Force, and other important institutions.

The advisory states that APT Group is involved in cyber attacks through super phishing emails including fake ones.

The group accesses the email systems of government departments using government credentials and uses malware embedded in fake emails for cyber espionage operations. According to the advisory the SideWinder group has recently targeted NADRA, Pakistan Airforce, and other important organizations to steal sensitive information.

According to the advisory, the SideWinder group is active since 2012 but it came to the limelight in 2018 when various cybersecurity researchers identified its modus operandi and its nefarious operations.

From May to October 2022, this group has also been involved in cyber-attacks on NADRA, SNGPL, FIA and other important institutions and advisories have been issued several times in this regard. The group is involved in such operations in all countries of South Asia, including Pakistan, and changes its tactics and procedures from time to time.

The NTISB has advised government departments to timely update all applications and Operating Systems using reputed and updated antivirus. The advisory has asked the government organizations to review the security of the system and use multi-factor complex passwords in each system, mobile, financial and mailing account.

The advisory has advised government officials to don’t use personal accounts on official systems & don’t share personal details and credentials with unauthorized users, websites, and applications

. The NTISB has advised government departments and officials to never install unknown and suspicious applications and never click on unknown links and attachments. The officials have also been advised to always open websites with HTTPS and avoid visiting HTTP websites.