A hacking group with ties to the Indian military adopted a pair of mobile surveillance tools to spy on geopolitical targets in Pakistan and Kashmir amid persistent regional tensions between the nuclear-armed neighbors, according to a report from cybersecurity company Lookout Inc. The group is known for commandeering legitimate web services in South Asia and embedding surveillance tools or malware inside these apps and services to conduct espionage.
<p>The discovery of a sophisticated and targeted cyber espionage campaign against Pakistani and Kashmiri government officials is neither surprising nor shocking, as nation-state attacks are par for the course for gathering intelligence, spying on and conducting reconnaissance against your regional frenemies. What is really scary is that the victims have no idea they are being targeted. As these threat actors were gathering geo-location info on targets, knew the conversations they were having and with whom, and could track their physical movements, it is eerily similar to Cybereason’s ‘Operation Soft Cell’ investigation into a global espionage campaign against telecommunications companies.</p>
<p>Rest assured, the Indian government will deny any involvement in the spying and they will quickly distance themselves from the report. Chat and dating applications are the perfect tools to use in these types of espionage campaigns because of their popularity. What is usually an afterthought is that the tools are insecure. For the threat actors to be successful, they build trust with their targets, and by duping only a handful of users to click on malicious links, they will have potentially gained unfettered access to private conversations, military secrets and other sensitive information.</p>
<p>In general, attempts by threat actors to steal military information are part of the modern cold war between nations. Instead of engineering a military assault on a country with tanks and weapons, today’s military leaders command cyber warriors with the skills to penetrate their targets in stealth mode with a computer mouse and keyboard. These cyber assaults result in no bloodshed or deaths. But all along, nation-states are running highly targeted, persistent operations to track the conversations of high-profile individuals that they see value in spying on.</p>
<p>Tensions between India and Pakistan have been around longer than the internet, and the conflict has now extended into cyberspace. It’s interesting to watch state-sponsored hackers engage in the same social engineering tactics as common cybercriminals. The malware is just a modified version of the sort of spyware used by private eyes and jealous husbands. It is dangerous because it can steal messages and other content from end-to-end encrypted messaging apps like WhatsApp after the messages have been decrypted locally on the device.</p>
<p>Unlike in the US, where iPhones are popular, Android is the dominant operating system in India and Pakistan, so almost everyone’s device would be vulnerable to these attacks. It’s worth noting that many of these apps can only be found on third-party app stores, not Google Play, so they are much more likely to contain malware. That being said, Google Play has hosted its fair share of malware as well.</p>
<p>The lengths these hackers are going to in order to gain the trust of users show how threats like this continue to change in the wild while also increasing in frequency. Sunbird disguises itself as security services supposedly connected to Google services, as well as local news and sports apps, and Islam-related apps. Once users run these apps, hackers are then sent a large laundry list of data, while also being able to run commands, download files from FTP servers, and scrape messages and notifications.</p>
<p>The social engineering threats against systems will continue to grow, as the human factor is the weakest link in any protective measures taken by a company or organisation.</p>