Pakistan The Latest Cyberspying Nation

  /     /     /  
Publicated : 22/11/2024   Category : security


Pakistan The Latest Cyberspying Nation


A look at Operation Arachnophobia, a suspected cyber espionage campaign against India.



A recently unearthed targeted attack campaign suggests that Pakistan is evolving from hacktivism to cyber espionage.
Operation Arachnophobia, a campaign that appears to have begun in early 2013, has all the earmarks of classic advanced persistent threat/cyber espionage activity but with a few twists of its own -- including the possible involvement of a Pakistani security firm.
Researchers from FireEye and ThreatConnect recently teamed up in their investigation of the attacks, which feature a custom malware family dubbed Bitterbug that serves as the backdoor for siphoning stolen information. Though the researchers say they have not identified the specific victim organizations, they have spotted malware bundled with decoy documents related to Indian issues.
The Bitterbug malware is geared for cyber espionage purposes and was hidden behind pilfered US infrastructure as a way to hide its origins. Specifically, the attacks employ infrastructure from a US virtual private server. The Pakistani hosting provider appears to have leased its command and control infrastructure from a US VPS provider. Its where the malware is hosted and used for command and control, says Rich Barger, chief intelligence officer at ThreatConnect. The goal was to make the attacks appear to come from the US.
Operation Arachnophobia may well be
Pakistans answer to cyber espionage campaigns against its nation
that appear to have come from India. It was engineered to collect standard Office documents on your desktop, Barger says. It was very close to Operation Hangover activity… for which India was purportedly responsible.
Cyber espionage appears to be on the upswing in the region. Iran recently moved from a defacement-happy operation in the name of political hacktivism to cyberspying campaigns such as the so-called
Operation Saffron Rose
targeting US defense contractors and Iranian dissidents.
We know about Russia and China… India and Pakistan has room to grow and mature, Barger says.
Operation Arachnophobia was named after the Pakistani security firm Tranchulas, whose name appeared in some of the malware samples studied by FireEye researchers. The Tranchulas name was in a string of the malware, says Mike Oppenheim, principal threat intelligence analyst at FireEye. Tranchulas was supposedly a security company that does penetration testing. The researchers say it supports national level cyber security programs and the development of offensive and defensive cyber capabilities.
The researchers found major discrepancies in emails between them and Tranchulas and the Pakistani hosting provider, which led them to dig further. Thats where they discovered the hosting provider had been subleasing insfrastructure from US providers, and both Tranchulas and the Pakistani hosting provider have employed or have connections with people with cyber offensive expertise.
According to the researchers, since they published a whitepaper on their findings this month, the operation appears to have come to standstill for now.
The full report is available
here
(registration required).

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Pakistan The Latest Cyberspying Nation