A recent report from online security firm FireEye says the Indian military is facing new cyber attacks from Pakistan.
FireEye said the Pakistan-based APT group is conducting suspected intelligence collection operations against South Asian political and military targets.
FireEye Labs said in a May 2016 report that this threat group was sending spear phishing emails to Indian government officials.
On May 18, 2016, the group registered a fake news website and sent spear phishing emails to Indian government officials. The emails referenced the Indian Government’s 7th Central Pay Commission, a topic of interest among officials.
“It’s critical for Indian organizations to bring together the technology, expertise and threat intelligence necessary to quickly detect and respond to these attacks,” said Bryce Boland, chief technology officer for Asia Pacific at FireEye.
The group sent emails to government officials from timesofindiaa.in, a fake news domain registered by the attackers. The emails pretended to be sent by an employee of The Times of India and carried a malicious Microsoft Word document as an attachment. They requested the recipient open the attachment about the 7th Pay Commission.
The attachment is designed to create a backdoor called the Breach Remote Administration Tool (BreachRAT). FireEye says the software allows the attackers to download and run new programs, upload files from the victims’ systems to the attackers’ servers, and perform a variety of other functions.
One of the recipient email addresses was publicly listed on a website, suggesting that the actor harvested the other, non-public addresses through other means.
FireEye revealed in March 2016 that the same Pakistan group has conducted cyber attacks against Indian targets and Pakistani dissidents since 2013. The group was observed using malicious documents hosted on websites about the Indian Army, instead of sending these documents directly as email attachments.