Targeted cyber attacks are those which are performed over a period of time with a clear intention of damaging an organization’s reputation by stealing data from their network and servers. Targeted attacks are the worst case scenario any organization can imagine as not only it might lose reputation but also may cost millions of loss in the form of confidential data. Indian government was not far away from being one of those targets, not only once but thrice in three months. Where the attackers targeted various government and army officials of India.
Operation Transparent Tribe
It was the first week of March when Proofpoint reported of evidences of an Advanced Persistent Threat (APT) against Indian Diplomats and Military resources. The threat group behind these attacks sent spear-phishing mails with current news which are of interest of the target. The links in the mail redirected the victim to sites which dropped a RAT (Remote Access Trojan) in the victim’s system named as MSIL/Crimson. This RAT is quite an advanced cyber-espionage tool, capable of stealing various types of data from the local computer and sending it to a C&C server. The full report by ProofPoint can be read HERE.
SmeshApp – A smart Targeted Cyber Attack
A popular Indian news house CNN-IBN reported the use of a mobile application named ‘SmeshApp’ to spy soldiers of Indian Army. The soldiers were lured through Facebook to install this app in their mobiles and once installed all their stored information, Phone calls, Text Messages and even the movements of soldier by their location used to be sent to a server located in Germany and was hosted by a man in Karachi Pakistan.
Later google removed the reported malicious SmeshApp from their play store repository.
While following the targeted attacks campaign reported by Proofpoint, A major security research firm TrendMicro detected another major attacks campaign against Indian Military officers. Passport scans, Photo IDs, tax information etc. of more than 160 Military officers were stolen.
Like all the targeted attacks, the actors behind the attack used email sent to targets. It contained a PDF file, which after getting downloaded used to install malicious windows executable Trojan in the target system. Which acting like a key logger sent the data to a Comman and Control server, based out of Pakistan, from where the attackers were easily able to understand the victim’s action.
This report by TrendMicro is available HERE.