At a time when security issues in the Pakistan-India region are at a peak, the countries have been hit by a spying malware.
Symantec Corporation, a digital security company, has reported that it has identified a sustained cyber spying campaign in the region and this campaign is likely to be state-sponsored. According to an intelligence report that Symantec sent to clients in July, this online espionage effort dates back to 2016 and it appears to be the work of several groups. While Symantec did not identify the entity sponsoring these groups, it did, however, point out that the groups are working under “similar goals or under the same sponsor”, and the sponsor could likely be a nation state.
While there is no clue as to which entity launched this cyber spying campaign, similar attacks have taken place in Qatar. In the targeted spying effort on South Asia, the malware uses a backdoor called ‘Ehdoor’ to access files; Ehdoor was first used in 2016 for cyber espionage purposes in the Middle East and other regions. The cyber attack on Qatar also used similar backdoors called Spynote and Revokery.
According to Symantec, clickbait plays a very important role in how this malware gets onto people’s devices. It uses documents related to regional security published by top media houses as decoys. Once installed, the malware allows the spies to upload and download files, log keystrokes, identify a person’s location, steal personal data, take screenshots, and run other malicious programs. The malware is not limited to laptops; it is also being used to target Android devices.
FireEye, another cyber security company, was not surprised at all by the Symantec report. Tim Wellsmore, FireEye’s Director of Threat Intelligence for the Asia Pacific region said, “South Asia is a hotbed of geopolitical tensions, and wherever we find heightened tensions we expect to see elevated levels of cyber espionage activity.”
Symantec says that government organizations and the military with interests in South Asia’s regional security would be at the most risk from this espionage attempt. A spokesperson for the Pakistan Federal Investigation Agency said it had not received any reports of malware incidents from the government’s Information Technology departments. A spokesperson for the Indian Computer Emergency Response Team (CERT-In) did not address the issue reported by Symantec, but did say, “We took prompt action when we discovered a backdoor last October after a group in Singapore alerted us.”
Indian and Pakistani hackers have been hijacking websites from across the border for quite some time now. Most recently, several official websites of Pakistani ministries were hijacked by Indian hackers, while some Pakistanis defaced the Indian Revenue Service website. With this new cyber spying malware, however, both countries face a common security threat, and the attacker is as yet unknown.