According to a report by US-based threat intelligence firm Black Lotus Labs, an advanced persistent threat (APT) group associated with Pakistan is attacking vital Indian Government installations. Researchers said that the group has the ability to capture sensitive information, including screenshots, keystrokes, and files, from the affected system.
US Intelligence Firm Accuses Pakistani Hackers of Attacking Indian Govt Installations
The report further states that critical infrastructure in the power sector and a government organization in India were targeted by Pakistani hackers. During the phishing attack, the hackers installed a new kind of Remote Access Trojan (RAT), a program that allows covert surveillance of and unauthorized access to victims' computers.
In a TV interview, the Vice President of Product Security at Lumen Technologies-Black Lotus Labs, Michael Benjamin, said,
“There were a number of indicators suggesting how the campaign was carried out that led us to believe that the individuals were located in Pakistan. And from the network telemetry and network visibility that we have, we were able to ascertain that the targeting was very Indian specific, focused on power companies as well as a single government entity.”
Furthermore, Benjamin said that the RAT provides the attackers with access to the IT network of the power firms. However, it is not yet confirmed whether the Operations Technology (OT) networks, which are used for running the power operations, were affected. The IP address assigned to the attackers belongs to Pakistani mobile data operator CMPak Limited, commonly called Zong 4G in Pakistan. The cyberattack indicated that the hackers, “with operational infrastructure hosted in Pakistan”, used forged PDF communication related to Covid-19 inoculation.