09 Aug 2013

Indian Government and Military Targeted by Information-Stealing Malware

The Indian government and military have been targeted by malware designed to steal sensitive information, according to The Register. The attack was discovered by security intelligence company ThreatConnect, which believes the malware could be linked to a commercial Pakistani entity.

“There are several different self-extracting archive samples (likely targeting campaigns) which used two different decoy methods. One of the decoy methods used PDFs, the second decoy method was Flash videos,” said Rich Barger, a director of the ThreatConnect Intelligence Research Team.

“In all instances the malware was shrouded within India/Pakistan-themed content and was hosted with a small subnet that doubled as a command-and-control point.”

The security researchers discovered the malware samples on the systems of a small US Midwest ISP. ThreatConnect experts also found a malicious .zip file posing as a decoy document detailing Pakistani incompetence in locating Osama Bin Laden. The company published a detailed analysis of the malware, which uses HTTP services to “collect and exfiltrate documents from victim's network.”

Researchers linked the malware to the Pakistani company Tranchulas because of aliases found embedded in the malware. The security firm, which works for the Pakistani government and Telenor Pakistan, told The Register that it had been framed by the malware writers and that it was aware of the incident before the report was published.

The Register also pointed out that names or aliases hidden in malware binaries do not, by themselves, prove that the named entity wrote the malicious code: such strings are trivially planted.
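The attribution caveat above is worth seeing in practice. The following added example (not code from ThreatConnect, Tranchulas or The Register) is the kind of strings triage an analyst runs on a sample: it pulls printable ASCII and UTF-16LE strings out of a blob, isolates PDB debug paths and recovers the developer username they embed. The sample bytes are constructed for the demo, and every name in them (hypothetical_dev, innocent_party, c2.example.invalid) is a placeholder, not a real indicator. The second blob is the same sample with a different username patched in, which is all it takes to "sign" a binary with someone else's alias.

```python
"""Strings triage for attribution clues in a binary blob.

Added example, not the original page's or any named company's code.
SAMPLE and FRAMED are constructed byte strings; all names are placeholders.
"""
import re

MIN_LEN = 6  # shortest run of printable characters worth reporting

# Runs of printable ASCII, and the same characters interleaved with NULs (UTF-16LE).
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Windows PDB debug path left behind by the linker, e.g. C:\Users\bob\proj\x.pdb
PDB_RE = re.compile(r"[A-Za-z]:\\(?:[^\\\r\n]+\\)*[^\\\r\n]+\.pdb", re.IGNORECASE)

# Username component of a user-profile path (Vista+ and XP layouts).
USER_RE = re.compile(r"\\(?:Users|Documents and Settings)\\([^\\]+)\\", re.IGNORECASE)


def extract_strings(blob: bytes) -> list:
    """Return printable ASCII and UTF-16LE strings found in blob, in file order."""
    ascii_hits = [(m.start(), m.group().decode("ascii")) for m in ASCII_RE.finditer(blob)]
    wide_hits = [(m.start(), m.group().decode("utf-16le")) for m in UTF16_RE.finditer(blob)]
    return [s for _, s in sorted(ascii_hits + wide_hits)]


def pdb_paths(blob: bytes) -> list:
    """Strings that look like PDB debug paths."""
    return [s for s in extract_strings(blob) if PDB_RE.search(s)]


def user_from_pdb(path: str):
    """Developer username embedded in a PDB path, or None if not present."""
    m = USER_RE.search(path)
    return m.group(1) if m else None


def attribution_candidates(blob: bytes) -> list:
    """Sorted, de-duplicated usernames recovered from PDB paths in blob.

    These are leads for an analyst, not proof of authorship: the bytes are
    attacker-controlled and can name anyone.
    """
    names = {user_from_pdb(p) for p in pdb_paths(blob)}
    return sorted(n for n in names if n)


# Constructed sample: fake header, a PDB path, and a UTF-16LE C2 URL (placeholder host).
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"C:\\Users\\hypothetical_dev\\Projects\\stealer\\Release\\stealer.pdb\x00"
    + b"\x00" * 8
    + "http://c2.example.invalid/upload.php".encode("utf-16le") + b"\x00\x00"
    + b"\x01\x02\x03"
)

# Same binary with a planted username: a one-line "frame job".
FRAMED = SAMPLE.replace(b"hypothetical_dev", b"innocent_party")

if __name__ == "__main__":
    for label, blob in (("original", SAMPLE), ("framed", FRAMED)):
        print(label, "strings:", extract_strings(blob))
        print(label, "candidates:", attribution_candidates(blob))
```

Run it and both blobs yield a confident-looking username from the PDB path, while only a few bytes differ between them; that is why a name in a binary is a lead to corroborate with infrastructure, timing and code-reuse evidence rather than an attribution on its own.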