Pakistan-based hackers targeted power sector, govt organisation in India this year | Exclusive
[Representative image] Attackers installed a new kind of Remote Access Trojan, said Black Lotus Labs (Photo Credits: Getty Images)
Pakistan-based hackers targeted critical infrastructure of the power sector and one government organisation in India earlier this year using a new malware, said Black Lotus Labs, a threat intelligence arm of US-based Lumen Technologies.
The attackers installed a new kind of Remote Access Trojan (RAT), a program that enables covert surveillance of and unauthorised access to victims’ computers. The hackers used compromised India-based domain URLs.
Speaking exclusively to India Today TV, Michael Benjamin, Vice President of Product Security at Lumen Technologies-Black Lotus Labs, said, “There were a number of indicators suggesting how the campaign was carried out that led us to believe that the individuals were located in Pakistan. And from the network telemetry and network visibility that we have, we were able to ascertain that the targeting was very Indian specific, focused on power companies as well as a single government entity.”
The RAT gave the attackers access to the IT networks of the power companies, but it is not known whether the operational technology (OT) networks, used for running the power operations, were affected, Benjamin said.
The report suggests that the attackers, “with operational infrastructure hosted in Pakistan”, used forged PDF documents related to Covid-19 vaccination as lures.
The IP address used by the hacker group belongs to the Pakistani mobile data operator CMPak Limited, popularly known as Zong 4G in Pakistan. The mobile operator is a 100 percent owned subsidiary of China Mobile Communications Corporation.
(Forged vaccination document used in the attack. Source: Lumen Technologies)
Different from Chinese cyber attacks
Benjamin said the recent campaign lacked the characteristics of a Chinese state-sponsored cyber attack and that any perceived overlap with Chinese groups was extremely unlikely in this case.
Earlier this year, a cybersecurity company based in Massachusetts claimed a Chinese hacker group targeted India’s power sector organisations in 2020, when tensions between the two countries were high due to the border standoff.
“Some of the mechanisms that were used here, as well as the way the actors failed to hide themselves, did not match the sophistication we typically see with state-sponsored Chinese actors. So, I would separate these actor groups,” he clarified.
Past activities of these attackers suggest that those involved in this case focused mostly on India, Benjamin said.
Cyber attacks in Afghanistan
A Pakistan-based hacker network also targeted and compromised infrastructure in Afghanistan through a similar delivery mechanism. However, the number of compromised entities in Afghanistan is lower than in India.
According to the Lumen report, the attacks successfully compromised the IT networks of at least one power transmission organisation, one power generation and transmission organisation and one government organisation.
Headquartered in Monroe, Louisiana, US, Lumen Technologies offers communications, network, security and cloud services to businesses, the public sector and governments in more than 60 countries.
A recent report by the International Institute for Strategic Studies (IISS) found that India had made only modest progress in developing cyber security doctrine. The report positioned India among third-tier countries on a spectrum of cyber warfare capabilities.