India has been facing continued threats from suspected Pakistan-based cyber attackers for the last few years, with online criminals sending phishing emails containing malware aimed at country’s defence establishments, cyber-security firm FireEye said Wednesday.
A cyber threat operation in which malware ‘Seedoor’ was used has been targeting in India since at least 2013, FireEye said in a report.
“The threat group behind the operation likely reached its targets by sending spear phishing emails with malware attachments. The lures used in the email were related to regional military and defense issues, often involving India-Pakistan relations and current events,” it said.
Stating that establishments both in India and Pakistan were targeted, FireEye said “suspected Pakistani threat actor used surveillance malware against Indian and Pakistani entities.” It however neither identified the location of the cyber-attacks nor the success ratio. It did not say if the attackers succeeded in penetrating any sensitive establishment.
“Robust surveillance malware Seedoor was likely distributed via spear phishing emails about current events, defense issues and women,” the report said.
Based on the themes used in the emails and decoy documents, it is likely the threat actor intended to target Indian government and military personnel, as well as political dissidents in Pakistan in order to collect intelligence, it added.
“The line between real world conflict and cyber conflict continues to blur. Wherever you see geopolitical tensions you are likely to find cyber campaigns beneath the surface,” FireEye chief technology officer Asia Pacific Bryce Boland told PTI. He however declined to comment on the scale of these attacks or potential damage.
Seedoor’s built-in functionality includes interacting with the file system, simulating mouse clicks, starting and terminating processes, transferring files, making recordings and screenshots of desktop, recording sound from microphone, recording and taking snapshots from webcams, and in some cases collecting Microsoft Outlook emails and attachments.
“The threat actor used a variety of lures focused on defence and military topics, as well as issues pertinent to India-Pakistan relations, including regional areas of conflict such as Afghanistan or, separately, Balochistan (a Pakistani province),” Boland said.
In multiple instances, the threat actor named the malware attachments the title of news articles from popular Pakistan news sites, including Dawn and the Express Tribune, he added.
The threat actor also used images of women, including several associated with India or Pakistan, the report said.