Pakistan-Linked Hackers Successfully Conduct Third Cyber-Espionage Campaign Against Indian Military within a Month
Operation C-Major is the name of the latest cyber-espionage campaign implemented by Pakistan-linked hackers. Trend Micro reports that the campaign targeted Indian military employees via a spear-phishing mechanism with which spyware was distributed to the victims.
As per the security firm’s analysis, spear-phishing emails were distributed through the exploitation of a vulnerability in Adobe Reader. The stolen data was sent to a command and control server based in Pakistan. As of now it is unclear whether it was the work of an individual or Pakistani intelligence.
Trend Micro’s analysis (Pdf) suggests that this wasn’t a very convincingly conducted attempt because “the attackers were unable to keep their server’s whereabouts completely hidden, leading to the discovery of information concerning the targets involved.”
It was also evident that the hackers weren’t very well-versed in malware writing techniques because their malware was coded in Visual Basic .NET and C#.
Researchers were able to access the malware’s source code completely and they also obtained the IP address of the command and control server as well as the group that stole data and that military personnel targeted. It was because these languages are very easy to decompile. It was also revealed that Indian military personnel were the only target of those behind this campaign.
Further analysis of command and control servers revealed ID scans, salary information, passport scans and taxation details of military personnel along with private data such as personal photos stored on the servers. Trend Micro researchers also found confidential material like Indian army’s strategies/tactical movements and training materials stored on the servers. That’s not all; researchers also gained information about another campaign in the pipeline, which will utilize Android malware to target Indian military.
It must be noted that this is the third successful attempt from Pakistan-linked hackers against Indian military officials within a month. The first campaign was instigated earlier this month, which was labeled Operation Transparent Tribe. The second campaign was conducted last week.
Operation Transparent Tribe was discovered by Proofpoint researchers who found that the objective was to target Indian embassies situated in Saudi Arabia and Kazakhstan. The other attempt was aimed at obtaining the logging details of Indian army officials using the popular Android app called SmeshApp. It was identified later that the information was transferred to a server located in Germany and was bought by a Karachi, Pakistan native.
As far as the latest, the third attempt is concerned security experts have dubbed it as the work of a novice. “This operation has the information theft capabilities that could be expected of the typical targeted attack – albeit not one that was particularly well-executed,” read the post by Trend Micro.
The security experts at Trend Micro, however, admitted that pretty efficient social engineering skills were at the display by Pakistan-linked cyber spies in this particular campaign.