Express Computer

FireEye reveals new cyber attacks on Indian Govt officials by suspected Pakistani group


FireEye revealed recent cyber attacks by a suspected Pakistan-based group against Indian government officials. On May 18, 2016, the group registered a fake news website and sent spear phishing emails to Indian government officials. The emails referenced the Indian Government’s 7th Central Pay Commission, a topic of interest among officials.

“This is another example of real world tensions reflected in cyberspace. There’s no silver bullet to fend off advanced cyber attacks. It’s critical for Indian organizations to bring together the technology, expertise and threat intelligence necessary to quickly detect and respond to these attacks,” said Bryce Boland, chief technology officer, Asia Pacific, FireEye.

The emails to government officials were sent from timesofindiaa.in, a fake news domain registered by the attackers. The emails purported to come from an employee of The Times of India and carried a malicious Microsoft Word document as an attachment. They asked the recipient to open the attachment about the 7th Pay Commission.
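The sender domain timesofindiaa.in differs from the newspaper's name by one extra letter, which a mail gateway can catch with an edit-distance check on the From: domain. This is an added example, not code from FireEye or the original article; the allow-list, the distance threshold and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list of domains the organisation accepts for this sender brand.
ALLOWED = {"timesofindia.com", "indiatimes.com"}

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute) with a two-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(raw_message):
    """Last two labels of the From: domain (naive: ignores suffixes like co.in)."""
    _, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    labels = addr.rpartition("@")[2].lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else None

def lookalike_of(raw_message, max_distance=2):
    """Return the allowed domain the sender imitates, or None if allowed or unrelated."""
    domain = sender_domain(raw_message)
    if domain is None or domain in ALLOWED:
        return None
    label = domain.split(".")[0]
    for good in sorted(ALLOWED):
        # Distance 0 with a different TLD (same name, other suffix) is also flagged.
        if edit_distance(label, good.split(".")[0]) <= max_distance:
            return good
    return None

# Constructed sample messages (headers only); not taken from the real campaign.
SAMPLES = {
    "lookalike": "From: News Desk <desk@timesofindiaa.in>\nSubject: 7th Pay Commission\n\n",
    "legitimate": "From: Editor <editor@timesofindia.indiatimes.com>\nSubject: News\n\n",
    "unrelated": "From: Someone <someone@example.org>\nSubject: Hello\n\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, sender_domain(raw), "->", lookalike_of(raw))
```

A hit from `lookalike_of` is a signal for quarantine or analyst review rather than proof of phishing, since short brand names produce false positives at this threshold.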

The attachment is designed to create a backdoor that FireEye calls the Breach Remote Administration Tool (BreachRAT). FireEye has not previously observed this malicious tool used by these threat actors. It allows the attackers to download and run new programs, upload files from the victims’ systems to the attackers’ servers, and perform a variety of other functions.

Only one of the recipient email addresses was publicly listed on a website, suggesting that the actor harvested the other, non-public addresses through other means.

The suspected Pakistan-based threat group has been active for several years, conducting suspected intelligence collection operations against South Asian political and military targets. This is the same group that FireEye revealed in March 2016 to have conducted cyber attacks against Indian targets and Pakistani dissidents since 2013. They were observed using malicious documents hosted on websites about the Indian Army, instead of sending these documents directly as an email attachment. The infrastructure used by the group is the same in both attacks.
