Indian Cyber-espionage Effort Targets Election, Energy Officials In Pakistan And Kashmir

A hacking group with ties to the Indian military adopted a pair of mobile surveillance tools to spy on geopolitical targets in Pakistan and Kashmir amid persistent regional tensions between the nuclear-armed neighbors, according to a report from cybersecurity company Lookout Inc. The group is known for commandeering legitimate web services in South Asia and embedding surveillance tools or malware inside these apps and services to conduct espionage.

Experts Comments

February 12, 2021
Sam Curry
Chief Security Officer
Cybereason
The discovery of a sophisticated and targeted cyber espionage campaign against Pakistani and Kashmiri government officials is neither surprising nor shocking, as nation-state attacks are par for the course for gathering intelligence, spying on and conducting reconnaissance against your regional frenemies. What is really scary is that the victims have no idea they are being targeted. As these threat actors were gathering geo-location info on targets, and knew the conversations they were having and with whom and can track their physical movements, it is eerily similar to Cybereason's 'Operation Soft Cell' investigation into a global espionage campaign against telecommunications companies.

Rest assured, the Indian government will deny any involvement in the spying and they will quickly distance themselves from the report. Chat and dating applications are the perfect tools to use in these types of espionage campaigns because of their popularity. What is usually an afterthought is that the tools are insecure. For the threat actors to be successful, they build trust with their targets, and by duping only a handful of users to click on malicious links, they will have potentially gained unfettered access to private conversations, military secrets and other sensitive information.

In general, attempts by threat actors to steal military information are part of the modern cold war between nations. Instead of engineering a military assault on a country with tanks and weapons, today's military leaders command cyber warriors with the skills to penetrate their targets in stealth mode with a computer mouse and keyboard. These cyber assaults result in no bloodshed or deaths. But all along nation states are running highly targeted, persistent operations to track the conversations of high-profile individuals that they see value in spying on.

February 12, 2021
Paul Bischoff
Privacy Advocate
Comparitech

Tensions between India and Pakistan have been around longer than the internet, and the conflict has now extended into cyberspace. It's interesting to watch state-sponsored hackers engage in the same social engineering tactics as common cybercriminals. The malware is just a modified version of the sort of spyware used by private eyes and jealous husbands. It is dangerous because it can steal messages and other content from end-to-end encrypted messaging apps like WhatsApp after the messages have been decrypted locally on the device.

Unlike in the US, where iPhones are popular, Android is the dominant operating system in India and Pakistan, so almost everyone's device would be vulnerable to these attacks. It's worth noting that many of these apps can only be found on third-party app stores, not Google Play, so they are much more likely to contain malware. That being said, Google Play has hosted its fair share of malware as well.

February 12, 2021
Chris Hauk
Consumer Privacy Champion
Pixel Privacy

The lengths these hackers are going to gain the trust of users shows how threats like this continue to change in the wild while they are also increasing in frequency. Sunbird disguises itself as security services supposedly connected to Google services, as well as local news and sports apps, and Islam-related apps. Once users run these apps, hackers are then sent a large laundry list of data, while also being able to run commands, download files from FTP servers, and scrape messages and notifications.

The social engineering threats against systems will continue to grow, as the human factor is the weakest link in any protective measures taken by a company or organisation.

