An Indian hacker group, dubbed Confucius and reported to have links to the Indian military, has been spying on prominent Pakistani political figures, nuclear personnel, military officials and other geopolitical targets in Pakistan and Kashmir. This has been reported by Bloomberg.
The group has been using various spyware tools to keep prominent people under constant surveillance. Confucius is best known, however, for commandeering legitimate web services in the South Asia region, and this extends to embedding digital surveillance tools or malware inside common apps and services in support of its espionage. According to a report from San Francisco-based Lookout, these hackers have been persistently targeting Pakistan’s top nuclear regulators and Indian election officials in Kashmir.
In the digital era it has become common for hackers to mislead people into downloading files or apps that appear user friendly but are really intended to steal sensitive data or to profit from it. What separates Confucius from the common hacker is the depth the group goes to in order to make its operations succeed.
The group created several knock-off web applications imitating major companies such as Google, disguised as productivity tools, security tools and chat apps, in order to access large amounts of user data. Its work has even extended to malicious dating apps that let it spy on anyone who installed them. Once the group penetrates a device, it extracts all data such as call logs, images and voice notes; it has gone as far as taking screenshots and recording phone calls on the targeted device.
One example is when the group got into a device tied to a service number owned by the Pakistan Air Force, which contained a list of all Air Force officials. This was determined by Apurva Kumar, a security intelligence engineer at Lookout. Furthermore, in 2017 and 2018 the hackers recorded a WhatsApp conversation between officials at the Pakistan Nuclear Regulatory Authority, and the campaign escalated further when the group retrieved data from an official in the Pulwama region of Kashmir during an Indian national election.
Data from nearly 156 victims’ devices, such as files and the corresponding data logs, was found on unsecured servers used by the attack group. Since then, the espionage has expanded to the breaching of commercial surveillance-ware tools called Retina-X Studios and to remotely controlling any user’s device through malicious software called Sunbird. From the logs on these servers, it was determined that the hackers are located in the northern part of India.