
Pakistani Cyber Criminals Targeting Indian Military Personnel In Data Theft Campaign.


A group of Pakistani cyber attackers has been targeting Indian military personnel in a data-theft campaign that combines social engineering with malware.

Researchers at Trend Micro, who observed the attacks, refer to the operation as “C-Major”.

The researchers report that the attackers set out to steal the information of at least 160 military officers, as well as consultants, attachés and Indian resellers, including personal photographs, confidential documents, financial records, strategy documents, passports and photo IDs.

The security firm said the attacks began with fake emails sent to each targeted user individually. This was a phishing technique: the emails carried a malicious PDF attachment and were crafted to appear to come from a high authority such as India's Ministry of Defense.
Once the file is opened, a vulnerability in Adobe Reader is exploited and a Trojan is installed on the victim's system. The malware can log keystrokes, steal passwords, record audio, exfiltrate files and capture screenshots.

The researchers also concluded that the attackers are not especially sophisticated: the malware was compiled to MSIL (Microsoft Intermediate Language), the bytecode that Visual Studio produces for .NET programs, which allows the Trojan to be decompiled easily.

According to Trend Micro:
The malware was compiled into an MSIL binary using Visual Studio. This means that the original source code was probably in VB# (Visual Basic .NET) or C# (the .NET version of C++). This also means that the developers weren’t aware that these programs can be decompiled in a trivial manner: the attackers provided the source code for free. No truly sophisticated attacker would have created and compiled their malware in this manner.
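The point above, that the sample is an MSIL binary, is something a defender can check mechanically during triage: a .NET executable carries a non-empty CLR runtime (COM descriptor) entry in its PE optional header data directory. The following added example, which is not code from this page or from Trend Micro, parses that entry and builds a constructed minimal PE32 header to exercise it; the RVA and size values in the sample are made up.

```python
import struct

# Index of the CLR runtime header (IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR) in the
# optional header's data directory table; it is non-zero for .NET/MSIL images.
CLR_DIRECTORY_INDEX = 14


def is_msil_binary(data: bytes) -> bool:
    """Return True if the PE image carries a CLR header (i.e. compiled to MSIL)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    size_of_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                          # IMAGE_OPTIONAL_HEADER
    if size_of_opt < 2 or opt + size_of_opt > len(data):
        return False
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                       # PE32
        nrva_off, dirs_off = 92, 96
    elif magic == 0x20B:                     # PE32+
        nrva_off, dirs_off = 108, 112
    else:
        return False
    if nrva_off + 4 > size_of_opt:
        return False
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    entry = dirs_off + 8 * CLR_DIRECTORY_INDEX
    if nrva <= CLR_DIRECTORY_INDEX or entry + 8 > size_of_opt:
        return False                         # directory table too short
    rva, size = struct.unpack_from("<II", data, opt + entry)
    return rva != 0 and size != 0


def build_sample_pe32(with_clr_header: bool) -> bytes:
    """Constructed minimal PE32 header (not a real binary) used only for testing."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points at "PE\0\0"
    opt = bytearray(224)                     # PE32 header with 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)      # NumberOfRvaAndSizes
    if with_clr_header:                      # made-up RVA/size for the CLR header
        struct.pack_into("<II", opt, 96 + 8 * CLR_DIRECTORY_INDEX, 0x2008, 0x48)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), 0x102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)
```

A positive result only says the image is managed code; pulling the source back out then needs a .NET decompiler, which is exactly why Trend Micro calls this choice unsophisticated.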

The decompiled source code also revealed the malware's C&C (Command & Control) servers, and Trend Micro found that those servers held many directories of stolen information amounting to 16 GB.
One of the C&C servers, whose address was hard-coded in the malware, is located in Pakistan; the threat was built for both Windows and mobile.
So the server is located in Pakistan, but Trend Micro says this does not necessarily mean the group itself operates from Pakistan, as there is no solid evidence for that.

Still, the lead researchers believe the attackers are based in Pakistan, because samples of the malware were uploaded to VirusTotal and scanned many times from user IDs belonging to Pakistani users. The experts also noted that even unsophisticated attackers can succeed easily in operations like this.

Finally, Trend Micro wrote in its report detailing Operation C-Major: “For those in charge of defending a corporate or organization network, this attack reinforces the fact that any user, regardless of rank or position, is susceptible to becoming the organization’s weakest security link. As such, while network defenders should be prepared to help prevent, or minimize the damage of attacks, people who use the said network should likewise be knowledgeable of threats that could possibly come. The need for proper user awareness training is clear.”

Last week Google removed a Pakistani app used to spy on the Indian Army. The Indian military services (Army, Navy and Air Force), along with the Central Industrial Security Force (CISF) and the Border Security Force (BSF), were targeted. According to the report, more than 10 fake Facebook profiles were used to lure officers into honey traps.
