The hackers had used a new kind of Remote Access Trojan (RAT) program. This program enables covert surveillance and gives hackers unauthorised access to the target's systems
- Jul 13, 2021
- Updated Jul 13, 2021, 4:30 PM IST
Using a new malware program, Pakistan-based hackers attacked critical infrastructure of the Indian power sector and one government organisation earlier in 2021, explained Black Lotus Labs, threat intelligence arm of United States-based Lumen Technologies.
The hackers had used a new kind of Remote Access Trojan (RAT) program. This program enables covert surveillance and gives hackers unauthorised access to the target's systems. The Pakistan-based hackers had utilised India-based compromised domain URLs.
Michael Benjamin, Vice President of Product Security at Lumen Technologies' Black Lotus Labs, told India Today TV, "There were a number of indicators suggesting how the campaign was carried out that led us to believe that the individuals were located in Pakistan. And from the network telemetry and network visibility that we have, we were able to ascertain that the targeting was very Indian specific, focused on power companies as well as a single government entity."
"RAT gave the attackers access to the IT network of the power companies, but it is not known if the Operations Technology (OT) networks, used for running the power operations, were affected or not," Benjamin added.
The cyber-attack indicates that the hackers, who had their "operational infrastructure hosted in Pakistan", used doctored PDF documents themed around COVID-19 vaccination as the lure.
"The IP address assigned to the hacker groups belongs to Pakistani mobile data operator CMPak Limited, popularly known as Zong 4G in Pakistan. The mobile operator is a 100 percent owned subsidiary of China Mobile Communications Corporation," Benjamin conveyed.
Different from Chinese state-sponsored cyber attacks
Benjamin explained that the recent targeting lacked characteristics that are associated with Chinese state-sponsored cyber attacks. He added that any perceived overlap with Chinese groups is highly unlikely in this case.
"Some of the mechanisms that were used here, as well as the way the actors failed to hide themselves, did not match the sophistication we typically see with state-sponsored Chinese actors. So, I would separate these actor groups," he clarified. "Past activities of these attackers suggest that those involved in this case focused mostly on India," Benjamin said.