Pakistan-linked hackers are targeting critical infrastructure PSUs in India, report says
Researchers explained that the final payload can capture sensitive information, including screenshots, keystrokes, and data from the affected system.
An advanced persistent threat (APT) group with links to Pakistan is targeting critical Indian infrastructure of public enterprises, according to a report by cybersecurity firm Seqrite, the enterprise arm of Quick Heal Technologies Limited.
Seqrite is said to have alerted government authorities, and is working with them to keep potential targets safe. It did not name any specific public sector enterprises in its report, but said that companies related to telecommunications, finance and energy have been targeted.
The research firm suspects the attack to be a cyber-espionage campaign launched to gain access to sensitive information and secure a competitive advantage against India. As part of the campaign, attackers are sending out phishing emails with government-themed documents in an attempt to lure targets into opening the attachments.
The malicious actors have enhanced their attack tools and methods, compared to last year, to make detection difficult, it noted.
Researchers explained that the final payload can capture sensitive information, including screenshots, keystrokes, and data from the affected system. It can also execute commands specified as part of instructions from C2 servers.
“The group can potentially steal critical intel from the government agencies and their subsequent bodies,” researchers said. “They can even use that information to make more lures and target other Government departments.”
In October last year, reports surfaced that an APT group had targeted Indian Defence units. The latest findings from Seqrite show that ‘Operation SideCopy’, active since 2019, appears to be a cyber-espionage campaign with links to the Pakistan-backed Transparent Tribe group.
According to the Seqrite report, hackers have been leveraging compromised websites, which resemble the websites that the targeted organizations would typically access.
“This revelation further strengthens the claim that Operation SideCopy which is operated by the Transparent Tribe group is originating in Pakistan,” Seqrite said.
Through the servers, researchers could identify the targets as government enterprises providing critical infrastructure in the telecom, energy, and finance sectors. As multiple C2s are being used, more entities could be on the radar.