India is being targeted by suspected Pakistan-based cyberespionage hackers, who have been posing as Indian media officials in efforts to compromise the computer systems of several Indian government officials. The hacker group has deployed spear-phishing emails in efforts to infect systems with a malicious tool that is designed to give the attackers remote access, said a US cybersecurity firm.
According to security firm FireEye, the hackers created a fake news website (timesofindiaa[.]in) and sent emails referencing the Indian government's 7th Central Pay Commission, which is considered to be a topic of interest to government employees as the commission regularly reviews the pay structure for military personnel and government officials. The firm also noted that the suspected Pakistani APT (Advanced Persistent Threat) group has been active for several years and has been conducting intelligence-gathering operations against various South Asian military and political targets.
FireEye security researchers Sudeep Singh and Yin Hong Chang said: "On May 18, 2016, FireEye Labs observed a suspected Pakistan-based APT group sending spear phishing emails to Indian government officials. This threat actor has been active for several years and conducting suspected intelligence collection operations against South Asian political and military targets. In this latest incident, the group registered a fake news domain, timesofindiaa[.]in, on May 18, 2016, and then used it to send spear phishing emails to Indian government officials on the same day. The emails referenced the Indian Government's 7th Central Pay Commission (CPC)."
FireEye also noted that the hacker group's activities had previously been identified by another security firm, Proofpoint, which in a blog post in March detailed the discovery of a cyberespionage campaign against Indian military and diplomatic resources, which it labelled Operation Transparent Tribe.
FireEye's analysis of the threat group's recent activities uncovered that the hackers sent emails to Indian government officials with a malicious Word document attachment. The malicious document was found to have been specifically designed to install a backdoor called the Breach Remote Administrative Tool. The security researchers also noted that this APT group was not previously known to have used this particular malicious tool, adding that the backdoor could later be used by the hackers to remotely and surreptitiously access compromised systems and run commands.
The report about the cyberattacks comes on the heels of another similar report by Symantec, which detailed yet another cyberespionage group, called Suckfly, targeting Indian government and private organisations with targeted spyware to extract and collect classified data.
"As with previous spear-phishing attacks seen conducted by this group, topics related to Indian Government and Military Affairs are still being used as the lure theme in these attacks and we observed that this group is still actively expanding their toolkit. It comes as no surprise that cyber attacks against the Indian government continue, given the historically tense relations in the region," FireEye concluded.