As India and Pakistan are embroiled in regional conflicts, cyber security firm Symantec has discovered another attack against the two nations, which is likely to be state-sponsored. In its threat intelligence report, Symantec notes that the sustained cyber espionage campaign dates back to October 2016.
The cyber spying campaign reportedly appears to be the work of several groups, with techniques suggesting ‘similar goals or under the same sponsor,’ which is most likely to be a nation state, Reuters reports. Although Symantec did not identify the likely sponsor of the attack, the company warned that governments and militaries with operations in South Asia, and interests in regional security issues, are at risk from the espionage malware. The spyware uses ‘Ehdoor’, which is a backdoor to access crucial files on a given system. A security expert told Reuters that a similar campaign was carried out on Qatar by using programs called Spynote and Revokery.
According to the report, attackers use decoy documents related to security issues in South Asia to install the malware. These documents included reports from Reuters, Zee News, and The Hindu, which were related to military issues, Kashmir, and the Indian secessionist movement.
Once installed, the malware essentially allows spies to upload or download files, carry out processes, log keystrokes, identify the target’s location, steal personal data, and take screenshots. The malware is also being used to target Android devices, according to Symantec.
CERT-In Director General Gulshan Rai did not specifically comment on the existence of the campaign, but he said, “We took prompt action when we discovered a backdoor last October after a group in Singapore alerted us.” However, Symantec’s report showed that the backdoor was being constantly modified to provide additional capabilities for spying operations. Meanwhile, a senior official with Pakistan’s Federal Investigation Agency denied receiving reports of such malware incidents.
The espionage attack is not surprising, given the geopolitical tensions in the two nations, according to another cybersecurity firm FireEye. Tim Wellsmore, FireEye’s director of threat intelligence for the Asia Pacific region, said, “Wherever we find heightened tensions we expect to see elevated levels of cyber espionage activity.”
The reports arrive at a time of heightened tensions between the two nations. On one hand, India has raised operational readiness along its border with China, while its relationship with Pakistan continues to be erratic over the Kashmir dispute.