In today’s era of advanced technology and Artificial Intelligence (AI), institutions including government websites and educational bodies face an escalating risk of cyber espionage from a hacker group aligned with Pakistan. The group has launched a new spying campaign against the Indian government, universities and other key establishments, seeking to obtain sensitive information by compromising systems with spyware and malware. Researchers at the cybersecurity firm Cyfirma have raised concerns about this covert operation and detailed the tactics the cyber spies employ.
“The operation commences with spear-phishing emails containing a malicious file disguised as a PDF within a ZIP archive. Upon opening, the file deploys two malware components known as ReadOnly and WriteOnly,” as reported by The Record, which highlighted instances of security breaches. The malware infiltrates victims’ systems, adapting its actions based on the antivirus software installed. Cyfirma indicates that this can enable remote control of infected devices, compromise confidential data, and conduct continuous surveillance, such as capturing screenshots, monitoring clipboard activities, and facilitating remote desktop access.
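As an added defensive example, not from the article or from Cyfirma's research, the following check inspects a ZIP attachment for entries posing as PDFs, the lure described above: it flags double extensions such as `.pdf.exe`, `.pdf` entries whose bytes lack the `%PDF` header, and PE (`MZ`) content hiding under a non-executable name. The sample archive, its file names and contents are all constructed inline.

```python
import io
import zipfile

PDF_MAGIC = b"%PDF"
# Suffixes that should never sit behind a ".pdf" in an attachment name.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".hta")


def inspect_zip(data: bytes) -> list:
    """Return (entry name, reason) for each entry that looks like a PDF-disguised payload."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            lower = name.lower()
            head = zf.open(info).read(4)  # only the magic bytes are needed
            if ".pdf" in lower and lower.endswith(EXECUTABLE_SUFFIXES):
                findings.append((name, "double extension: pdf name with executable suffix"))
            elif lower.endswith(".pdf") and not head.startswith(PDF_MAGIC):
                findings.append((name, "pdf extension but no %PDF header"))
            elif head.startswith(b"MZ") and not lower.endswith(EXECUTABLE_SUFFIXES):
                findings.append((name, "PE header under non-executable name"))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive: one genuine-looking PDF and two disguised payloads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.7\n%constructed sample\n")
        zf.writestr("circular.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60)  # double extension
        zf.writestr("notice.pdf", b"MZ\x90\x00" + b"\x00" * 60)  # PE bytes named as a PDF
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in inspect_zip(build_sample_zip()):
        print(f"FLAG {entry}: {reason}")
```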
This surveillance capability could also be used to steal or overwrite copied clipboard data, giving attackers a way to intercept cryptocurrency transactions. The clandestine surveillance has been linked to APT36, also known as Transparent Tribe, a persistent threat actor accused of spying on governmental entities, military-affiliated organizations, and universities. While Transparent Tribe has been characterized as less technologically sophisticated than some rival espionage groups, researchers acknowledge its persistence and its capacity to adjust its strategies over time.
APT36, operational since 2013, has been associated with cyber-espionage initiatives targeting governmental and military entities in India and Afghanistan, along with institutions in approximately 30 nations.
