Cyber spy attack targeting India and Pakistan
On August 28, 2017, it was reported that a July report sent by the cyber security company Symantec Corp. to its clients identified an ongoing cyber espionage campaign, active since October 2016 and most probably state-sponsored (although the country was not named), against several entities in India and Pakistan engaged in regional security.
A company spokesperson said that Symantec does not comment publicly on the malware analysis, investigations and incident response it provides to its clients. However, it was reported that "governments and militaries with operations in South Asia and interests in regional security issues would likely be at risk from the malware. The malware utilizes the so-called 'Ehdoor' back door to access files on computers."
According to an information security expert, the current campaign resembles an earlier one that hit Qatar using programs called "Spynote" and "Revokery." Those were backdoors just like Ehdoor, which in turn appears to be part of a focused effort aimed at South Asia. Indeed, the company report stated that Ehdoor was first used in late 2016 against government and army officials in the Middle East and elsewhere.
According to the company, the malware was delivered via decoy documents that purported to come from various communications officials dealing with South Asian security. Once installed, it allows the attackers to upload and download files, execute processes, log keystrokes, identify the victim's location, steal personal information, and take screenshots. The software has been updated regularly to add further espionage capabilities, and the Android versions of the malware have been updated in the same way.
The director of the Indian CERT (CERT-In) declined to comment on the attack. He noted, however, that the agency had taken immediate action when it detected a backdoor back in October 2016, after a group in Singapore had warned it.
A senior official in Pakistan’s Federal Investigation Agency (FIA), who wished to remain anonymous, said that no reports on malware incidents were received from information technology departments in the government.
According to another cyber security expert, South Asia is a hotspot for geopolitical tensions, and wherever tensions run high, a high level of cyber espionage activity is to be expected.