
Iranian cyberattack hit multiple Pakistani telecoms and extracted trove of data using virtual tunnel

Aspen

A group of Iranian hackers has targeted three telecom firms in Pakistan and breached data servers, revealed a cyber security company, Symantec.

While the report does not reveal the names of the companies that were targeted, it discloses that the group uses virtual “tunnels” to stay connected to the victims’ machines without a trace.

Using the virtual tunnel technique, they can also access other machines on the same network to extract valuable information.

Jon DiMaggio, senior cyber threat analyst at Symantec, explained that Iranian “Greenbug” is capable of breaching telecom networks repeatedly. “As we would close one door, they would attempt to come back from another.”

Besides, this is not the first time a hacker group has been involved in cyberattacks against telecom companies. According to Symantec, 18 different groups linked to various governments around the globe targeted telecom firms in 2019.

Telecom companies will always get these cyberattacks because they have valuable information in their databases, says Symantec. Big telecom companies like AT&T and Verizon have heavily invested in protection against cyberattacks; however, not all companies have the same resources.

The reports recommended that firms keep their systems up to date with the latest security tools and features. There are tools that can automatically eliminate vulnerabilities from the databases of companies.

https://thecurrent.pk/iranian-hackers-attack-3-major-pakistani-telecom-companies/
 
.
Apparently Pakistani telecoms were not even aware they had been hacked until informed by security researchers monitoring virtual tunnels.

Under a program code named "Greenbug," Iranian hackers extracted data on spy targets in Pakistan by breaching data servers of Pakistani telecoms.

Iranian hackers used a technique known as a virtual tunnel that allowed them to break into Pakistani data servers while being untraceable, placing a backdoor in Pakistani telecoms that allowed Iranian hackers to enter repeatedly using different exploits each time and extract data for months.

Weak security of Pakistani telecoms made it an easy target for Iranian hackers to breach. It is unclear if the exploit has been fixed.

However, this is a much needed wake up call for Pakistan which has ignored the need for a dedicated Pakistan cyber force for many years and continues to ignore it.

If this causes Pakistan to finally wake up, Iran may have actually done Pakistan a favor by exposing the weakness and holes in Pakistani cyber policy.
 
.
Not surprising. IT security at Pak corporations and even governmental level is definitely pathetic to say the least. The door is open for hackers.

When NADRA can get hacked by foreign spying agencies I don't have much hope for others. Personal data of millions of Pakistanis is sold on the dark web.
 
.
Not surprising. IT security at Pak corporations and even governmental level is definitely pathetic to say the least. The door is open for hackers.

When NADRA can get hacked by foreign spying agencies I don't have much for others.

Agree 100%

If Pakistan IT security is this weak in 2020, they deserved to be exposed like this so they will finally wake up.

Pakistan should have strong cybersecurity and be able to conduct cyberattacks on others. Right now we don't have either.
 
.
Apparently Pakistani telecoms were not even aware they had been hacked until informed by security researchers monitoring virtual tunnels.

Under a program code named "Greenbug," Iranian hackers extracted data on spy targets in Pakistan by breaching data servers of Pakistani telecoms.

Iranian hackers used a technique known as a virtual tunnel that allowed them to break into Pakistani data servers while being untraceable, placing a backdoor in Pakistani telecoms that allowed Iranian hackers to enter repeatedly using different exploits each time and extract data for months.

Weak security of Pakistani telecoms made it an easy target for Iranian hackers to breach. It is unclear if the exploit has been fixed.

However, this is a much needed wake up call for Pakistan which has ignored the need for a dedicated Pakistan cyber force for many years and continues to ignore it.

If this causes Pakistan to finally wake up, Iran may have actually done Pakistan a favor by exposing the weakness and holes in Pakistani cyber policy.
Pakistan never wakes up. It is suffering from the same sort of problems since forever, it even fails to fix much more obvious and apparent problems.
 
. .
Pakistan never wakes up. It is suffering from the same sort of problems since forever, it even fails to fix much more obvious and apparent problems.

I have been saying for a long time that Pakistan needs 3 new branches of military immediately:

Pakistan Cyber Force (PCF)
Pakistan Drone Force (PDF)
SUPARCO redone from scratch

Iran has a cyber force, a drone force, and a functional space program, the difference between Iran and Pakistan is clear

A Lahori man made the first computer virus

But today we have sunk to this level of incompetency?! We need to press the RESET button on a bunch of sectors.

Exactly
 
.
Have Pakistani media published more information or not yet? Do you know what kind of information they were looking for?

Hitting telecom companies doesn't make sense to me. Maybe they were trying to eavesdrop on important people?
 
. .
Have Pakistani media published more information or not yet? Do you know what kind of information they were looking for?

Hitting telecom companies doesn't make sense to me. Maybe they were trying to eavesdrop on important people?

I don't think Pakistani media has any clue that this hack even happened since few people in Pakistan think about cyberattacks. But I saw it reported several places and honestly would not surprise me if it did happen.

The virtual tunnel Iran used is an interesting technique, it would have been almost untraceable without special monitoring from security researchers, there is no way Pakistan could have detected it with the pathetic current state of Pakistani IT cybersecurity architecture. The fact that they were able to keep extracting data for months suggests that either Iranian hackers placed some kind of backdoor in Pakistani telecoms to allow them to keep getting back in after an exploit got plugged or Pakistani IT did a shoddy job of plugging it in the first place.

Iran used a similar technique some time back by placing backdoors in VPNs of US companies in Operation Fox Kitten using known zero day security exploits released by researchers that were not fixed by US companies. It was stupidly easy to do and so obvious that it shouldn't have been possible but it worked because a lot of companies are too lazy to fix exploits until they get hacked. So those published and publicly available security exploits on the internet were open for anyone to use. Iran fished around on US VPNs for months before US companies had any clue what was going on, but then it was too late because Iran had already planted the backdoors in hundreds of US companies and got all the data it needed to get back in.

https://www.zdnet.com/article/irani...lant-backdoors-in-companies-around-the-world/

The Pakistani telecom hack seems more sophisticated than the US VPN hack mainly because Iran didn't use any publicly available exploit but also because of the use of a virtual tunnel which was not used in the US VPN hack.

Pakistanis in general need a lot more awareness about cyber capabilities and Pakistan gov't is setting a bad example by not setting up a Pakistan Cyber Force and recruiting Pakistani hackers to create awareness.

I will not lie that I am envious of Iran's Cyber Force and wish Pakistan had something like that.

As far as what Iranian hackers were going after, I think they had some specific spy targets whose data they extracted using Pakistani telecoms. Would not surprise me if they managed to use some malware to eavesdrop on spy targets in Pakistan.
 
.
I don't think Pakistani media has any clue that this hack even happened since few people in Pakistan think about cyberattacks. But I saw it reported several places and honestly would not surprise me if it did happen.

Pakistanis in general need a lot more awareness about cyber capabilities and Pakistan gov't is setting a bad example by not setting up a Pakistan Cyber Force and recruiting Pakistani hackers to create awareness.

I will not lie that I am envious of Iran's Cyber Force and wish Pakistan had something like that.

As far as what Iranian hackers were going after, I think they had some specific spy targets whose data they extracted using Pakistani telecoms. Would not surprise me if they managed to use some malware to eavesdrop on spy targets in Pakistan.
Honestly, as an Iranian, I don't know if this report is true or not, but assuming that it's true, I really hope they have stolen some nuclear information (particularly with military dimensions) too because Pakistan is ahead of us in nuclear technology and such information can be very useful for us in future.
 
. . .
Pakistan would need a Cyber Force for that which we don't have

Sometimes I wish I could throw a bucket of water on Bajwa so he could wake the hell up and create a Pakistan Cyber Force

Corrupt colonial-era generals are busier amassing wealth and plots and extending their legal time period than caring about the country. It's because of such generals that the country is in a mess in the first place.

Regards
 
. .