Latest News
- Union Of Petroleum Workers Calls For A May 1 Holiday For The Wor...
- MPW Prepares For Impending Rains With Proactive Measures
- Kuwait Ministry Of Health Unveils 2024 National Anti-Smoking Pro...
- The Kuwait University Council Will Discuss AI Policy Adoption
- The Customs Union Has Halted Sit-in, Waiting For Further Develop...
- Experience Scattered Rain And Thunderstorms AheadI In Kuwait
- The Ministry Simplifies The Payment Process For 'Your Fear Is Th...
- Kuwait Oil Company Explores Renewable Energy And Green Hydrogen...
- Kuwait's Model Houses Stay The Same Height
- Service Commission's Haphazard Structure Hits Public Sector Job...
- 11 Establishments Were Closed Down For Violating Industrial Laws
- A Massive Campaign Is Underway To Raze Encroachments
Clickbait - Spy Malware Unleashed On India, Pakistan
Symantec Corp, a digital security company, says it has identified a sustained cyber spying campaign, likely state-sponsored, against Indian and Pakistani entities involved in regional security issues.
In a threat intelligence report that was sent to clients in July, Symantec said the online espionage effort dated back to October 2016.
The campaign appeared to be the work of several groups, but tactics and techniques used suggest that the groups were operating with “similar goals or under the same sponsor”, probably a nation state, according to the threat report, which was reviewed by Reuters. It did not name a state.
The detailed report on the cyber spying comes at a time of heightened tensions in the region.
India’s military has raised operational readiness along its border with China following a face-off in Bhutan near their disputed frontier, while Indo-Pakistan tensions are also simmering over the disputed Kashmir region.
A spokesman for Symantec said the company does not comment publicly on the malware analysis, investigations and incident response services it provides clients.
Symantec did not identify the likely sponsor of the attack. But it said that governments and militaries with operations in South Asia and interests in regional security issues would likely be at risk from the malware. The malware utilizes the so-called “Ehdoor” backdoor to access files on computers.
“There was a similar campaign that targeted Qatar using programs called Spynote and Revokery,” said a security expert, who requested anonymity. “They were backdoors just like Ehdoor, which is a targeted effort for South Asia.”
;To install the malware, Symantec found, the attackers used decoy documents related to security issues in South Asia. The documents included reports from Reuters, Zee News, and the Hindu, and were related to military issues, Kashmir, and an Indian secessionist movement.
The malware allows spies to upload and download files, carry out processes, log keystrokes, identify the target’s location, steal personal data, and take screenshots, Symantec said, adding that the malware was also being used to target Android devices.
In response to frequent cyber-security incidents, India in February established a center to help companies and individuals detect and remove malware. The center is operated by the Indian Computer Emergency Response Team (CERT-In).
Gulshan Rai, the director general of CERT-In, declined to comment specifically on the attack cited in the Symantec report, but added: “We took prompt action when we discovered a backdoor last October after a group in Singapore alerted us.” He did not elaborate.
Symantec’s report said an investigation into the backdoor showed that it was constantly being modified to provide “additional capabilities” for spying operations.
A senior official with Pakistan’s Federal Investigation Agency said it had not received any reports of malware incidents from government information technology departments. He asked not to be named due to the sensitivity of the matter.
;A spokesman for FireEye, another cybersecurity company, said that based on an initial review of the malware, it had concluded that an internet protocol address in Pakistan had submitted the malware to a testing service. The spokesman requested anonymity, citing company policy.
Another FireEye official said the attack reported by Symantec was not surprising.
"South Asia is a hotbed of geopolitical tensions, and wherever we find heightened tensions we expect to see elevated levels of cyber espionage activity," said Tim Wellsmore, FireEye's director of threat intelligence for the Asia Pacific region.
The Symantec report said the 'Ehdoor' backdoor was initially used in late 2016 to target government, military and military-affiliated targets in the Middle East and elsewhere.
Trending News
-
Kuwait Airways Introduces Convenient Home Luggage...
15 April 2024
-
Expat Residency Law Amended By Kuwait Ministerial...
20 April 2024
-
Two Expats Are Arrested For Stealing From Salmiya...
17 April 2024
-
Kuwait Airways Resumes Flights To Beirut And Oman...
15 April 2024
-
Temperature Increases Cause Electricity Load Index...
21 April 2024
-
Work Permits Will Be Issued For One Year Under The...
27 April 2024
-
Ministry Announces Separate Time For Amnesty Seeke...
21 April 2024
-
3 Expats Caught In Salmiya With 213 Bottles Of Loc...
23 April 2024
-
Thief Returns Stolen Money With An Apology Letter...
15 April 2024
-
The Ministry Connects With Violators Of Residency...
23 April 2024
Comments Post Comment