Many Indian hacking groups have been found to be involved in cyberattacks on Pakistan and Afghanistan. Sources privy to the matter revealed that the groups want to steal sensitive information by carrying out cyberattacks on diplomatic missions in both countries.
Indian Hacking Groups Targeting Strategic Entities
The cabinet division has issued an advisory claiming that threat actors are continuously targeting strategic entities in order to extract sensitive information that could be used for exploitation. In this regard, a targeted campaign has also been identified that aims to gain access to user accounts and later extract sensitive information about diplomatic missions in Pakistan and Afghanistan.
The advisory further revealed that a phishing campaign has also been observed in which the threat actors operate via a crafted letter from the Ministry of Foreign Affairs titled “Gallery of Officers Who Have Received National and Foreign Awards.” The Indian hacking groups involved in this campaign ask recipients at foreign missions to share their personal information via email. The advisory has recommended that MoFA and diplomatic missions vigilantly use file integrity monitoring systems and two-factor authentication on all important accounts.
Cyberattack Under Chinese Code Name
Recently, a Chinese cybersecurity company found that an advanced persistent threat (APT) group based in India, code-named “Confucius”, launched attacks on the Pakistani government and its military. According to the Chinese cybersecurity company, Antiy, the group uses the “Confucius says” command to deliver its attacks. The firm found that in June 2021, the group used a malicious file with contents related to a list of those who died in the Pakistani army to conduct attacks. In February 2022, the threat actors used a file on the vaccination status of government employees to conduct attacks.