Skip to main content

Pakistan-based hackers target Indian power sector, govt organisation

The hackers had used a new kind of Remote Access Trojan (RAT) program. This program enables covert surveillance and gives hackers unauthorised access to the target's systems

The Pakistan-based hackers had utilised India-based compromised domain URLs (Source: Reuters)
The Pakistan-based hackers had utilised India-based compromised domain URLs (Source: Reuters)BusinessToday.In
  • Jul 13, 2021,
  • Updated Jul 13, 2021, 4:30 PM IST

Using a new malware program, Pakistan-based hackers attacked critical infrastructure of the Indian power sector and one government organisation earlier in 2021, explained Black Lotus Labs, threat intelligence arm of United States-based Lumen Technologies.

The hackers had used a new kind of Remote Access Trojan (RAT) program. This program enables covert surveillance and gives hackers unauthorised access to the target's systems. The Pakistan-based hackers had utilised India-based compromised domain URLs.

Micheal Benjamin, Vice President of Product Security at Lumen Technologies-Black Lotus Labs, told India Today TV, "There were a number of indicators suggesting how the campaign was carried out that led us to believe that the individuals were located in Pakistan. And from the network telemetry and network visibility that we have, we were able to ascertain that the targeting was very Indian specific, focused on power companies as well as a single government entity."

"RAT gave the attackers access to the IT network of the power companies, but it is not known if the Operations Technology (OT) networks, used for running the power operations, were affected or not," Benjamin added.

This cyber-attack indicates that the hackers, who had their "operational infrastructure hosted in Pakistan", used morphed PDF communication that was related to COVID-19 vaccination

"The IP address assigned to the hacker groups belongs to Pakistani mobile data operator CMPak Limited, popularly known as Zong 4G in Pakistan. The mobile operator is a 100 percent owned subsidiary of China Mobile Communications Corporation," Benjamin conveyed.

Different from Chinese state-sponsored cyber attacks

Benjamin explained that the recent targeting lacked characteristics that are associated with Chinese state-sponsored cyber attacks. He added that any perceived overlap with Chinese groups is highly unlikely in this case.

"Some of the mechanisms that were used here, as well as the way the actors failed to hide themselves, did not match the sophistication we typically see with state-sponsored Chinese actors. So, I would separate these actor groups," he clarified. "Past activities of these attackers suggest that those involved in this case focused mostly on India," Benjamin said


Popular posts from this blog

Menon meets Karzai, discusses security of Indians

Kabul/New Delhi/Washington, March 5 (IANS) India Friday said that the Feb 26 terror attack in Kabul will not deter it from helping rebuild Afghanistan as National Security Adviser Shivshankar Menon met Afghan President Hamid Karzai in Kabul to review the security of around 4,000 Indians working in that country. Menon, who arrived here Friday morning on a two-day visit, discussed with Karzai some proposals to bolster security of Indians engaged in a wide array of reconstruction activities, ranging from building roads, bridges and power stations to social sector projects. The Indian government is contemplating a slew of steps to secure Indians in Afghanistan, including setting up protected venues where the Indians working on various reconstruction projects will be based. Deploying dedicated security personnel at places where Indians work is also being considered. Menon also met his Afghan counterpart Rangin Dadfar Spanta and enquired about the progress in the probe into the Kabul atta

Iran is losing the game to regional actors in its strategic depth

Rethink before It’s Too Late Iran is losing the game to regional actors in its strategic depth –Afghanistan. By Houman Dolati It is no more a surprise to see Iran absent in Afghanistan affairs. Nowadays, the Bonn Conference and Iran’s contributions to Afghanistan look more like a fading memory. Iran, which had promised of loans and credit worth five-hundred million dollars for Afghanistan, and tried to serve a key role, more than many other countries, for reconstruction and stabilization of Afghanistan, is now trying to efface that memory, saying it is a wrong path, even for the international community. Iran’s empty seat in the Rome Conference was another step backward for Afghanistan’s influential neighbor. Many other countries were surprised with Iran’s absence. Finding out the vanity of its efforts to justify absence in Rome, Iran tried to start its

Pakistani firm whose chemicals were used to kill US troops seeks subsidy for Indiana plant

By Jennifer Griffin, Justin Fishel Published March 22, 2013   A Pakistani fertilizer maker whose chemicals have been used in 80 percent of the roadside bombs that have killed and maimed American troops in Afghanistan is now seeking U.S. taxpayer subsidies in order to open a factory in Indiana.  The request appears to be on hold pending further review, but the situation has stirred outrage in Congress, where some accuse the Pakistani government of halting efforts to clamp down on the bomb-making.  For the past seven years, the U.S. government has known that the raw material calcium ammonium nitrate, or CAN, is making its way across the border into Afghanistan where the Taliban use it to fuel their most deadly weapons, namely the improvised explosive device. IEDs have long been the number one killer of U.S. and coalition troops.  The material largely comes from Pakistani fertilizer maker the Fatima Group. But the Pakistani government has stymied attempts by the Pentagon to stop the