The cyber warfare of Pakistan military and groups linked to it targeting India continues unabated. It seems to acquire new fangs with advancement of technology. According to a recent threat report of Meta, the parent company of Facebook, state-linked hackers in Pakistan have been spying on military personnel in India using fake apps and websites to compromise their personal devices.
The espionage effort is one of three South Asian operations included in Meta’s quarterly adversarial threat assessment, along with actions taken by the Bahamut and Patchwork APT groups, all of which seem to be geared at gathering intelligence. The organisation situated in Pakistan was not given a name by the firm.
What is Advance Persistent Threat (APT) hacking?
An advanced persistent threat (APT) is a stealthy threat actor, typically a state or state-sponsored group, which gains unauthorised access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.
Findings of Meta Report
As per APT operational strategy, a hacker or group of hackers can create accounts across various locations with fake personas and can almost totally escape being recognised. In fact, the report says, they functions on the model of “social engineering”.
The report says that cyber security experts have caught hacker groups create fake accounts with “elaborate fictitious personas with backstops across the internet so they can withstand scrutiny by their targets, platforms and researchers.”
While the Pakistan-based gang allegedly pretended to be ladies looking for personal relationships to deceive victims, Meta said that some of the accounts also claimed to be recruiters, journalists, or military officials.
Most recent example is that of DRDO scientist Pradeep Kurulkar was allegedly lured by a Pakistani Intelligence Operative using the alias ‘Zara Dasgupta’. Kurulkar was chargesheeted on July 8 for passing on information to Pakistan about a crucial missile programme of India.
The new hacking model determines that the Pakistan-based hacking gang is able to avoid spending in building complex malware because of its concentration on socially engineering people into clicking on harmful links or exchanging important information with a phoney persona.
The researchers found that “cheaper, low-sophistication malware can be highly effective in targeting people when used together with social engineering.”
Some of the custom desktop apps that the hackers had developed were not themselves malicious, but were used to subsequently send malware directly to targets. The hacking group, which is known in the industry for its use of the GravityRAT spyware — as detailed by Cisco and Kaspersky — has been operational since 2015, says Meta in its report.
Kashmir, Military in the Range of Cyber Mercenaries
Kashmir is an obvious target of hackers operating from or behalf of Pakistan. According to the Meta report, new-age hackers are particularly targeting military personnel, government employees and activists through invading their cyber activities.
The Meta report says that cyber security experts have found a hacking group known as Bahamut APT which has been targeting people in Pakistan and India, including the Kashmir region. The Meta added that it took action against 110 accounts on Facebook and Instagram linked to the hacking group.
The military personnel, activists, and minority groups in Pakistan, India, Bangladesh, Sri Lanka, the Tibetan area, and China were also the targets of the Patchwork APT campaign, another dangerous front opened by the hired hackers.
Although, unlike the Pakistan-based gang, The Patchwork’s applications featured rudimentary harmful functionality that depended on the app permissions supplied by the end user, they had been successfully submitted to the Google Play Store.