MUMBAI: Symantec Corp, a digital security company, says it has identified a sustained cyber spying campaign, likely state-sponsored, against Indian and Pakistani entities involved in regional security issues.

In a threat intelligence report that was sent to clients in July, Symantec said the online espionage effort dated back to October 2016.

The campaign appeared to be the work of several groups, but tactics and techniques used suggest that the groups were operating with “similar goals or under the same sponsor”, probably a nation state, according to the threat report. It did not name a state.

The detailed report on the cyber spying comes at a time of heightened tensions in the region. India’s military has raised operational readiness along its border with China following a face-off in Bhutan near their disputed frontier, while Indo-Pakistan tensions are also simmering over Kashmir.

Symantec did not identify the likely sponsor of the attack. But it said that governments and militaries with operations in South Asia and interests in regional security issues would likely be at risk from the malware. The malware utilises the so-called “Ehdoor” backdoor to access files on computers.

“There was a similar campaign that targeted Qatar using programs called Spynote and Revokery,” said a security expert, who requested anonymity. “They were backdoors just like Ehdoor, which is a targeted effort for South Asia.”

To install the malware, Symantec found, the attackers used decoy documents related to security issues in South Asia. The documents included reports from Reuters, Zee News, and the Hindu, and were related to military issues, Kashmir, and an Indian secessionist movement.

The malware allows spies to upload and download files, carry out processes, log keystrokes, identify the target’s location, steal personal data, and take screenshots, Symantec said, adding that the malware was also being used to target Android devices.

In response to frequent cyber-security incidents, India in February established a centre to help companies and individuals detect and remove malware. The centre is operated by the Indian Computer Emergency Response Team (CERT-In).

Gulshan Rai, the director general of CERT-In, declined to comment specifically on the attack cited in the Symantec report, but added: “We took prompt action when we discovered a backdoor last October after a group in Singapore alerted us.”

Symantec’s report said an investigation into the backdoor showed that it was constantly being modified to provide “additional capabilities” for spying operations.

An official with Pakistan’s Federal Investigation Agency said it had not received any reports of malware incidents from government information technology departments.

A spokesman for FireEye, another cybersecurity company, said that based on an initial review of the malware, it had concluded that an internet protocol address in Pakistan had submitted the malware to a testing service.

Published in Dawn, August 29th, 2017
