Surveillance malware used to target the Indian government and military personnel and political dissidents in Pakistan
Suspected Pakistani cyber-attack uses surveillance malware against Indian and Pakistani entities. A cyber threat suspected to have originated in Pakistan, targeted users in India and Pakistan, using malicious software to target the Indian government and military personnel and political dissidents in Pakistan and infiltrate surveillance malware. This information was disclosed in a recent report by cybersecurity firm FireEye.
“The line between real world conflict and cyber conflict continues to blur. Wherever you see geopolitical tensions you are likely to find cyber campaigns with surveillance malware beneath the surface.
According to FireEye, the surveillance malware has been working “since at least 2013”. FireEye said the group behind the attacks most likely reached targets in both India and Pakistan by sending spear phishing emails with surveillance malware attachments. Phishing attacks are usually in the form of an email from a trusted source asking for personal information such as passwords, bank details, personal details, or it could mimic an existing website or webpage and trick a user into entering confidential information on the page.
The baits used in the emails were related to regional military and defense issues, often involving India-Pakistan relations and current events, said FireEye in a statement. Even though the origin of the attacks is unknown, FireEye said “the significant use of Pakistani infrastructure for command and control, the nature of lure themes targeting Pakistani separatists and Indian military entities, and borrowed news titles from prominent Pakistan news outlets may indicate a potential Pakistani threat sponsor.”
The cybersecurity firm identified the malware, or malicious software as a robust surveillance malware called SEEDOOR. It is often initially delivered to a target computer system by a downloader. SEEDOOR then creates a backdoor to the victim’s system, and can interact with the file system on the computer, simulate mouse clicks, start and terminate processes, transfer files, take screenshots of the desktop, record sound from a microphone, record and take snapshots from webcams, and in some cases collect Microsoft Outlook emails and attachments, it said.
Among the themes used to bait an email recipient into clicking malicious links or attachments were terror attacks, Afghanistan and references to defense and military operations and training.
More Here [economictimes]