What's new

Indian malware campaign targeting Pakistan uncovered

Devil Soul

ELITE MEMBER
Joined
Jun 28, 2010
Messages
22,931
Reaction score
45
Country
Pakistan
Location
Pakistan
A leading anti-malware company has uncovered a wide-ranging malware campaign that appears to originate in India and seems primarily to target Pakistan with data-stealing malware.

“During the course of ESET’s investigations,” announced the company this morning, “several leads were discovered that indicate the threat originates from India and has been going on for at least two years.”

The two infection vectors used in the campaign are the Microsoft Office CVE-2012-0158 vulnerability (also used in a separate 'mens health/military' campaign earlier this year), and PE files disguised as Word or PDF files. In the former, an analyzed example sent information about the system to the domain feds.comule.com, and then downloaded a malicious binary from digitalapp.org. In the latter example, opening an email attachment would download and execute additional malware, but would simultaneously display a Word document to lull the user’s suspicions.

ESET has found several different documents following different themes. “One of these themes,” says Jean-Ian Boutin in his blog posting, “is the Indian armed forces. We do not have inside information as to which individuals or organizations were really targeted by these files. However, based on our detection metrics, it is our assumption that people and institutions in Pakistan were targeted.”

A typical clue on the targets can be found in one of the self-extracting archive attachments. It is named ‘pakistandefencetoindiantopmiltrysecreat.exe’, and unpacks to provide a document headlined ‘While exposing India’s ambitious defence policy’ – a subject that would appeal more to Pakistan than India.

A major clue to the source of the campaign comes from a code-signing certificate used in part of the campaign. Although now revoked by Verisign, it was originally issued to an Indian company calling itself Technical and Commercial Consulting Pvt. Ltd.

The payloads delivered by the campaign were all “geared towards exfiltrating data from an infected computer to the attackers’ servers,” notes Boutin – but the stolen information was not encrypted when sent back to the attacker. This, he says, “is puzzling considering that adding basic encryption would be easy and provide additional stealth to the operation.”

This is one of the more puzzling aspects of the campaign. There are signs of some attempt to disguise the malware, but little that can be called ‘stealth’. For example, many of the malicious binaries add an entry to the Windows Startup menu using a deceptive name. “While this technique allows the different components of the attack to be launched after each system reboot,” says Boutin, “it cannot be labelled as stealthy. Since targeted attacks usually try to stay under the radar as long as possible, we were surprised to see this technique used in this case.”

This is the contradiction in ESET’s discovery. The campaign is extensive and long-lasting, yet unsophisticated. But, concludes Boutin, “maybe they see no need to implement stealthier techniques because the simple ways still work.”
Infosecurity - Indian malware campaign targeting Pakistan uncovered
 
. .
This is the contradiction in ESET’s discovery. The campaign is extensive and long-lasting, yet unsophisticated. But, concludes Boutin, “maybe they see no need to implement stealthier techniques because the simple ways still work.”

this lines tell all..in the line of cyber warfare,you don't necessarily need to go to the most sophisticated way,as very simple tricks still works..why built a costly malware when a simple keylogger can do the job...
 
.
What is Pakistan's so called Cyber Army n ISI is doing other then singing songs of Aman ki Asha??
@F.O.X
 
Last edited by a moderator:
.
This proves again that Indians cannot be trusted as a nation.
 
. .
The so called ''Sophisticated'' malwares are still running on Pak computers. :D you guys can never detect them.
 
.
A leading anti-malware company has uncovered a wide-ranging malware campaign that appears to originate in India.
'Appears'! So, as usual, there is no incontrovertible evidence that Indians did it! :azn:

“several leads were discovered that indicate the threat originates from India.
'Indicate'! So, as usual, there is no incontrovertible evidence that Indians did it! :azn:

Next.....
 
.
This proves again that Indians cannot be trusted as a nation.

this happens in every part of the world.The Chinese, Pakistanis , Americans...what the hell, every one does this.What planet are you living on? The cyber espionage is way more dependable and easier to extract the crucial info then sending spies or hiring localities in Pakistan like the Americans did to get the info. There is no much risk involved in this.
 
. .
Looks like India is catching up on Cyber-warfare

Nope. This process of Cyber Warfare is not very effective towards developed countries. If we look at our threat perception(China), India is almost decades behind of China in cyber warfare. I mean this process were used by China in 2005 or before.
 
.
Nope. This process of Cyber Warfare is not very effective towards developed countries. If we look at our threat perception(China), India is almost decades behind of China in cyber warfare. I mean this process were used by China in 2005 or before.
The irony is that in spite of India being a software super power, we have yet to hone our skills in cyber warfare! After all, it's just programing malicious code to destroy/alter/extract data. This should be a cinch to our Indian programers' brains. So what's the problem? :blink:
 
.
The irony is that in spite of India being a software super power, we have yet to hone our skills in cyber warfare! After all, it's just programing malicious code to destroy/alter/extract data. This should be a cinch to our Indian programers' brains. So what's the problem? :blink:

Rightly so that India is a software super power. But hacking requires very good networking knowledge. Here China and USA are miles ahead of India.
 
.
Norwegian company names Indian firm for global cyber offensive?


NEW DELHI: A Norwegian cyber security firm has alleged that a sophisticated cyber attack infrastructure appears to originate from India, conducted by private actors with no evidence of state-sponsorship. Norman Shark, Norwegian firm, has also named an Indian company that is known to work with Indian military and intelligence as one of the possible suspects behind the attacks.

The Indian company, Appin Security Group, which figures in the report, has rubbished the claims, saying it was "totally false and very imaginative". The company pointed out that the report itself mentions "we are not implicating or suggesting inappropriate activity by Appin. Maybe someone has tried to hurt Appin by falsifying evidence to implicate them. Maybe some rogue agent within Appin Security Group is involved, or maybe there are other explanations."

Appin also pointed to a report by the Data Security Council of India questioning the credibility of the Norwegian report.

The Norman Shark report said the Indian cyber attack infrastructure "has likely been in operation for over three years, primarily as a platform for surveillance against targets of national security interest that are mostly based in Pakistan and possibly in the United States. It is also used for industrial espionage against the Norwegian telecom corporation Telenor and other civilian corporations. Evidence points to professional project management and outsourcing of key tasks, including some by freelance programmers."


The report said that the attackers based in India seem to have "employed multiple developers tasked with delivering specific malware", and that they appear to have "the resources and the relationships in India to make surveillance attacks possible anywhere in the world".

A senior government official said that one Indian intelligence agency had filed a report with the government a few months ago accusing Appin of wrong doings and probably compromising details of security vulnerability of one of its clients. "It is incorrect that Appin had placed details on any server which was accessible to people or in any manner it could be compromised. Appin always follows industry standard protocols for protecting data," Appin told TOI.

The Norwegian report said that the attacks seemed to target several sectors, including natural resources, telecommunications, law, hospitality and manufacturing. "It is highly unlikely that this organization of hackers would be conducting industrial espionage for just its own purposes, which makes this of considerable concern," the report said.

It added that the findings are currently under investigation by national and international authorities.

The Norman Shark report, titled "Operation Hangover", said the Indian network seems to have targeted victims in over a dozen countries. "Specific targets include government, military and business organizations. Attribution to India was based on an extensive analysis of IP addresses, website domain registrations, and text-based identifiers contained within the malicious code itself," the company said.

"This type of activity has been associated primarily with China over the past several years but to our knowledge, this is the first time that evidence of cyber espionage has shown to be originating from India," a senior official in the Norwegian company said in a statement.

For years now there have been several international reports, making several claims on cyber attacks. Most of these reports, including US official estimates have blamed hackers based in China, especially some units of the Chinese military of carrying out such attacks. Indian investigators have also found evidence of hackers based in Russia, central Asia etc of carrying out attacks on Indian targets. America's CIA and Israel's Mossad have famously used intrusive network attacks to target Iranian nuclear capabilities.

Norwegian company names Indian firm for global cyber offensive? - The Times of India
 
.
Pakistan should attain some sort of cyber crime fighting expertise so it can protect Pakistanis from Indian fraudsters and others. Many innocent Pakistanis are falsely framed on the basis of cyber intelligence. I noticed such cases myself when I was in Canada. I witnessed 8 cases of false framing and in each one there was no evidence against the so-called culprit except internet evidence. Everyone knows while people are being monitored intelligence agencies constantly visit the home. The defence lawyer stated in the defence in one of the cases in America that intelligence agencies had framed the client by hacking into the man being framed laptop and making slanderous comments.

My worry is we Pakistanis seem to be stuck in the middle. The government/army should be protecting us from not only the terrorists who batter us continually but also against foreign states seeking to frame Pakistanis. I get depressed when I see the situation in Pakistan. I imagine and wish for a Pakistan that is rich, strong and independent. Instead they are likely to frame me on false charges just to get some claps on the back from their unreliable allies.

Pakistan should establish a cyber crimes cell and make intensive efforts to protect Pakistanis on the internet.
 
.
Back
Top Bottom