Pakistan-based hackers target India’s electricity industry, government organization
Using new malware, Pakistan-based hackers attacked critical infrastructure in India’s power sector and a government organization earlier in 2021, said Black Lotus Labs, the threat intelligence arm of Lumen Technologies, based in the United States.
The hackers used a new type of Remote Access Trojan (RAT), a program that allows covert surveillance and gives hackers unauthorized access to a target’s systems. The Pakistan-based hackers had used compromised India-based domain URLs.
Michael Benjamin, vice president of product safety at Lumen Technologies-Black Lotus Labs, told India Today TV: “There were a number of indicators suggesting how the campaign was conducted which led us to believe that the individuals were in Pakistan. And from the network telemetry and the network visibility we have, we were able to ensure that the targeting was very specific to India, focused on the utilities as well as a single government entity.”
“RAT gave attackers access to the computer network of power companies, but it is not known whether the Operations Technology (OT) networks, used to run power operations, were affected or not,” added Benjamin.
Cyber Attack Says Hackers, Who Had Their ‘Operational Infrastructure Hosted In Pakistan’, Used Transformed PDF Communication Linked To COVID-19 Vaccination
“The IP address assigned to the hacker groups is owned by Pakistani mobile data operator CMPak Limited, known as Zong 4G in Pakistan. The mobile operator is a 100% subsidiary of China Mobile Communications Corporation,” said Benjamin.
Different from Chinese state-funded cyberattacks
Benjamin explained that the recent targeting lacked features associated with Chinese state-sponsored cyberattacks. He added that any perceived overlap with Chinese groups is highly unlikely in this case.
“Some of the mechanics that were used here, as well as the way the actors didn’t hide, didn’t match the sophistication we typically see with state-sponsored Chinese actors. So I would separate these groups from. actors,” he said. “The past activities of these attackers suggest that those involved in this affair have mainly focused on India,” Benjamin said.