FireEye security researchers have discovered a new wave of attacks against Indian government officials, once again linked to Pakistan, just like the ones in February and March.
The security firm reports that, starting on May 18, Indian officials have been receiving a wave of spear-phishing emails masquerading as news items sent from a Times of India look-alike domain.
The emails either carried malicious file attachments or included a link that redirected users to a domain where a drive-by download attack silently installed malware on the user’s computer.
When users received a malicious attachment instead of a link, the file was a Microsoft Office document that exploited the CVE-2012-0158 vulnerability to install the malware.
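The sender-side lure described above rests on a look-alike domain, so a mail-gateway check that compares the From: domain against protected brand labels is one practical defensive control. The following is an added example, not FireEye's code or anything from the report; the brand labels, the trusted-domain list, the confusable-character table and every sample header are constructed assumptions for illustration.

```python
import re
from difflib import SequenceMatcher

# Brand labels the campaign imitated (Times of India); ordered so results are stable.
BRAND_LABELS = ("timesofindia", "indiatimes")
# Domains assumed here to legitimately carry those labels (constructed allow-list).
TRUSTED_DOMAINS = {"timesofindia.com", "indiatimes.com", "timesofindia.indiatimes.com"}
# Character substitutions commonly used to build look-alike labels.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

def normalize(label: str) -> str:
    """Fold hyphens and common confusable characters so 'tirnes-of-india' == 'timesofindia'."""
    label = label.lower().replace("-", "")
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label

def sender_domain(from_header: str) -> str:
    """Extract the domain from a From: header such as 'News <a@b.example>'."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return m.group(1).lower().rstrip(".") if m else ""

def lookalike_verdict(domain: str, threshold: float = 0.8):
    """Return (suspicious, reason). Exact trusted domains pass; any other domain whose
    second-level label contains or closely resembles a brand label is flagged.
    The second-level label is taken naively (no public-suffix list, to stay offline)."""
    if domain in TRUSTED_DOMAINS:
        return False, "trusted sender domain"
    parts = domain.split(".")
    if len(parts) < 2:
        return True, "malformed or missing sender domain"
    sld = normalize(parts[-2])
    for brand in BRAND_LABELS:
        if brand in sld:
            return True, f"brand label '{brand}' inside untrusted domain"
        ratio = SequenceMatcher(None, sld, brand).ratio()
        if ratio >= threshold:
            return True, f"label '{parts[-2]}' resembles '{brand}' ({ratio:.2f})"
    return False, "no resemblance to protected brands"

def triage(headers):
    """Run the check over a batch of From: headers; returns (header, suspicious, reason)."""
    return [(h, *lookalike_verdict(sender_domain(h))) for h in headers]

# Constructed sample headers; none is a real address from the campaign.
SAMPLE_FROM_HEADERS = [
    "Times of India <news@timesofindia.com>",
    "TOI Alerts <alerts@timesofindia.indiatimes.com>",
    "Times of India <news@tirnesofindia.com>",          # rn -> m
    "Breaking News <desk@timesofindia-news.net>",       # brand label plus suffix
    "Times of India <editor@t1mesof1ndia.org>",         # digit substitution
    "Payroll <hr@example.org>",
]

if __name__ == "__main__":
    for header, bad, why in triage(SAMPLE_FROM_HEADERS):
        print(("FLAG " if bad else "ok   ") + header + "  :: " + why)
```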
APT group used a new RAT called BreachRAT
FireEye says the group used a new Remote Access Trojan, which the company named BreachRAT. Previously the group had used the njRAT, DarkComet, and the MSIL/Crimson RATs.
Once a machine was infected, the trojan allowed the attackers to capture screenshots of the user’s desktop and log keystrokes.
This data was then transferred to a C&C server previously used in other operations against the Indian government, which has in the past been tied to persons living in Pakistan.
Does it surprise anyone that Pakistan is spying on India?
FireEye says that this campaign targeted random officials in the Indian government. Previously, the Pakistani-linked APT has targeted Indian embassies in Kazakhstan and Saudi Arabia, along with Indian military officials.
Besides the Pakistani APT, Symantec also reported on the Chinese-linked, which targeted Indian private businesses.
India, which is one of the world’s biggest economies, has an important role to play in geopolitics, so it is no surprise that various groups target its infrastructure. Its relationship with Pakistan, however, is more complicated because of the numerous border wars the two countries have fought.
“It comes as no surprise that cyber attacks against the Indian government continue, given the historically tense relations in the region,” FireEye’s Yin Hong Chang and Sudeep Singh concluded in.