A recent cyber espionage campaign generating from Pakistan involves India as its primary target, recent reports from FireEye and ThreatConnect have suggested.
This international level cyber espionage operation is dubbed as “Arachnophobia” and was apparently started in early 2013 involving a Pakistani Cyber Security firm possibly funded by Pakistan Government. It is not known whether the Cyber Security firm is a government entity or not.
Operation Arachnophobia has all features of a advanced cyber espionage activity which feature a custom malware family dubbed Bitterbug malware (Trojan horse) which opens a backdoor on the compromised system or computer and enables its operator to remotely download and execute files/Documents on the infected computer.
While the researchers did not specify any particular Indian Government organization as the target, however, they did said that they have spotted malware bundled with decoy documents related to mostly Indian issues of national interest.
The Pakistani security firm used a US virtual private server to hide there identity, the malware which was hosted on the U.S VPN server, used to receive the command and send the stolen documents to a server hosted and located in Pakistan.
On studying few samples of the malware, researchers found that, “The ‘Tranchulas’ name was present in a string of the malware. Incidentally, Tranchulas is a Islamabad, Pakistan based Security Company with its link to Pakistani Government. the offensive cyber initiative services offered by Tranchulas is offered to “national-level cyber security programs” suggesting a commercial demand from “national-level” customers,” the researchers said in their report.
The Malware “Bitterbug” which was discovered by Symantec on 6th August this year and has ability to affect/infect almost all Microsoft Windows run PCs like Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Vista and Windows XP.
India and Pakistan have a known history of bitterness since the partition. while hackers from both countries have been targeting the Cyber space of one another, mostly engaging in defacing or data leaks. the allegations of Cyber-Espionage can only worsen the relations between the two countries.