Pakistan-Linked Hackers Target Indian Govt & Universities in Cyber Espionage Plot

Cybersecurity firm Cyfirma has uncovered a new cyber espionage campaign by the Pakistan-linked hacker group APT36, also known as Transparent Tribe, targeting Indian government portals and academic institutions. The attack begins with spear-phishing emails containing a malicious ZIP file disguised as a PDF, which delivers spyware components called ReadOnly and WriteOnce. This malware embeds itself on victims' systems, allowing remote control, data theft, clipboard monitoring, and even potential hijacking of cryptocurrency transactions. The group, active since 2013, is known for targeting government and military organizations in India and Afghanistan, among roughly 30 countries.

Key Points: Pakistan Hackers Target Indian Govt, Universities: Cyber Espionage

  • New cyber espionage campaign targets India
  • Linked to Pakistan-aligned APT36 group
  • Uses malicious PDFs to deliver spyware
  • Aims to steal sensitive government and academic data
  • Campaign active since 2013 across 30 countries

New cyber espionage campaign against Indian govt, varsities; researchers unmask plot: Report

Cybersecurity researchers expose APT36 hacker group's new spyware campaign targeting Indian government portals and academic institutions for data theft.


New Delhi, Jan 4

In an age of cutting-edge technology and Artificial Intelligence, several installations, including government portals and academic institutions, are under increased threat of cyber espionage, purportedly driven by a Pakistan-aligned hacker group, said a news report.

According to the report, Pakistan-linked hackers have launched a new spying campaign targeting the Indian government and universities, including strategic institutions, to obtain sensitive information by compromising systems with spyware and malware.

The sinister campaign has been flagged by researchers at the cybersecurity firm Cyfirma, which claims to have unearthed the modus operandi of these cyber spies.

"The operation begins with spear-phishing emails carrying a ZIP archive containing a malicious file disguised as a PDF. Once opened, the file delivers two malware components, dubbed ReadOnly and WriteOnly," The Record reported, citing instances of security breaches.

The malware gets embedded on victims' systems, adjusting its behavior based on which antivirus software is installed.
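The lure described above is an archive whose member only looks like a PDF. A mail gateway or an analyst triaging attachments can catch that class of disguise before anyone opens it. The following is an added example, not code from the article or from Cyfirma's report: it opens a ZIP attachment in memory and flags members whose name or header suggests something other than a PDF (double extensions such as `.pdf.exe`, a right-to-left override character in the name, an executable header, or a `.pdf` name whose content does not start with `%PDF-`). The sample archive, the member names and the finding labels are constructed for the example.

```python
# Added example, not code from the article or from Cyfirma's report.
# A defender-side check for mail gateways or triage: open a ZIP attachment
# and flag members that pose as PDFs. File names, the sample archive and the
# heuristic labels are constructed for this example.
import io
import zipfile

PDF_MAGIC = b"%PDF-"
MZ_MAGIC = b"MZ"              # header of Windows PE executables
RTLO = "\u202e"               # right-to-left override, used to disguise extensions
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
                   ".jse", ".vbs", ".hta", ".lnk", ".msi", ".ps1"}


def inspect_member(name: str, head: bytes) -> list[str]:
    """Return heuristic labels for one archive member given its name and first bytes."""
    findings = []
    base = name.rsplit("/", 1)[-1].lower()
    ext = "." + base.rsplit(".", 1)[-1] if "." in base else ""
    if RTLO in name:
        findings.append("rtlo_in_name")
    if ext in EXECUTABLE_EXTS:
        findings.append("executable_extension")
    if ".pdf" in base and ext != ".pdf":
        findings.append("double_extension")        # e.g. Circular.pdf.exe
    if ext == ".pdf" and not head.startswith(PDF_MAGIC):
        findings.append("pdf_name_non_pdf_content")
    if head.startswith(MZ_MAGIC):
        findings.append("mz_header")
    return findings


def inspect_zip(zip_bytes: bytes) -> dict[str, list[str]]:
    """Map each file member of the archive to its findings (empty list = clean)."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)   # only the header is needed for the checks
            report[info.filename] = inspect_member(info.filename, head)
    return report


def suspicious_members(zip_bytes: bytes) -> list[str]:
    """Sorted names of members that triggered at least one finding."""
    return sorted(name for name, f in inspect_zip(zip_bytes).items() if f)


def build_sample_archive() -> bytes:
    """Constructed archive: one genuine PDF and two members posing as PDFs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notice.pdf", b"%PDF-1.4\n%constructed sample\n")
        zf.writestr("Circular.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("report" + RTLO + "fdp.scr", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for name, findings in inspect_zip(build_sample_archive()).items():
        print(f"{name!r}: {findings or 'clean'}")
```

The checks read only the first eight bytes of each member, so the archive can be screened without extracting it to disk; a member with any finding is worth quarantining rather than delivering, and the label list gives the analyst the reason.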

According to Cyfirma, the malware can remotely control infected machines, compromise classified data and carry out persistent surveillance - including taking screenshots, monitoring clipboard activity and enabling remote desktop access.

According to the report, it could also overwrite data copied to the clipboard, allowing attackers to hijack cryptocurrency transactions.
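The clipboard abuse mentioned here is the classic "clipper" pattern: the user copies a wallet address, and the malware silently replaces it with another address of the same kind before it is pasted. One way for an endpoint monitor to spot that is timing: a person almost never copies two different wallet addresses within a couple of seconds, whereas a clipper rewrites the clipboard right after the user's copy. The following is an added example, not code from the article or from Cyfirma's report. It runs the detection over a constructed log of clipboard snapshots rather than a live clipboard, so it is platform independent; the address patterns are deliberately loose and the events are made up.

```python
# Added example, not code from the article or from Cyfirma's report.
# Detection logic for clipboard "clipper" behaviour: a copied wallet address is
# silently replaced by a different address of the same kind. It runs over a
# constructed log of clipboard snapshots, so it needs no live clipboard access;
# the address patterns are deliberately loose and the events are made up.
import re
from dataclasses import dataclass
from typing import Optional

ADDRESS_PATTERNS = {
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "btc": re.compile(r"^(bc1[a-z0-9]{25,62}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
}


@dataclass(frozen=True)
class ClipEvent:
    t: float    # seconds since the monitor started
    text: str   # clipboard text at that moment


def address_kind(text: str) -> Optional[str]:
    """Return which address family the text matches, or None."""
    s = text.strip()
    for kind, pat in ADDRESS_PATTERNS.items():
        if pat.match(s):
            return kind
    return None


def detect_swaps(events: list, window: float = 2.0) -> list:
    """Flag an address replaced by another of the same kind within `window` seconds.

    Each alert records the original and replacement address so an analyst can
    confirm which one the user actually intended to paste.
    """
    alerts = []
    for prev, cur in zip(events, events[1:]):
        k_prev, k_cur = address_kind(prev.text), address_kind(cur.text)
        if (k_prev and k_prev == k_cur
                and prev.text.strip() != cur.text.strip()
                and 0 <= cur.t - prev.t <= window):
            alerts.append({"kind": k_cur, "at": cur.t,
                           "original": prev.text.strip(),
                           "replacement": cur.text.strip()})
    return alerts


# Constructed clipboard log: the 0xab... address is overwritten 300 ms after the
# copy (clipper-like); the later bc1 addresses are 30 s apart (ordinary use).
SAMPLE_EVENTS = [
    ClipEvent(0.0, "agenda for Monday"),
    ClipEvent(5.0, "0x" + "ab" * 20),
    ClipEvent(5.3, "0x" + "cd" * 20),
    ClipEvent(30.0, "bc1q" + "a" * 38),
    ClipEvent(60.0, "bc1q" + "b" * 38),
]

if __name__ == "__main__":
    for a in detect_swaps(SAMPLE_EVENTS):
        print(f"[{a['at']:.1f}s] {a['kind']} address swapped: "
              f"{a['original']} -> {a['replacement']}")
```

The two-second window is a tuning choice, not a fixed rule: widening it catches slower clippers at the cost of flagging a user who legitimately copies two addresses in quick succession, so the alert should carry both values and be reviewed rather than acted on automatically.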

The secret surveillance has been attributed to APT36, also called Transparent Tribe, a long-running threat actor accused of spying on government bodies, military-linked organisations and universities.

While researchers have previously described Transparent Tribe as less technically advanced than some rival espionage groups, they have also noted its persistence and ability to adapt tactics over time.

According to the report, APT36 has been active since 2013 and has been linked to cyber-espionage campaigns targeting government and military organisations in India and Afghanistan, as well as institutions in roughly 30 countries.

- IANS


Reader Comments

Sarah B: The spear-phishing tactic is so common, yet so effective. It all comes down to user awareness. Every government employee and university researcher needs mandatory, regular cybersecurity training. A single click can compromise everything. 😟

Vikram M: APT36 active since 2013? That's over a decade! This shows a serious lack of proactive defense. We're always reacting. Time for a dedicated cyber command with real offensive capabilities to deter such groups.

Priya S: While the threat is real, I hope this report leads to action and not just fear-mongering. Our agencies are capable. Public-private partnerships with firms like Cyfirma are the way forward. Jai Hind!

Rohit P: The part about hijacking crypto transactions is scary for the financial sector too. It's not just government data. This is a wake-up call for all of us to update our software and be vigilant about emails.

Kavya N: Respectfully, our universities are especially soft targets. PhD scholars and professors often use personal devices for work and click on anything. We need a cultural shift towards security, not just more rules.
