India and Mumbai have been hit by a sustained cyber tracking campaign according to a report from digital security company Symantec Corp.
Earlier today, Symantec revealed that both countries have been hit by a major digital tracking campaign that was “likely state-sponsored” and related to regional security issues.
The online tracking campaign dates back to October 2016. Symantec claims the work appears to be the result of several groups. However, similarities between the groups’ approaches suggests that the attacks were part of a collaborative effort possibly led by the same sponsor – “probably a nation state”.
The report does not name the state.
Both India and Pakistan are military superpowers with nuclear capabilities. The region isn’t exactly in turmoil – although there have been recent border struggles between India and Pakistan in the disputed Kashmir region, as well as additional conflicts between China, Bhutan, and India in the high-altitude regions of the Himalayas.
Governments in South Asia Are Likely at Risk
The state-sponsored cyber warfare campaign involves the use of malware. That malware uses the “Ehdoor” backdoor exploit to access files on targeted computers.
Symantec claims that “governments and militaries with operations in South Asia and regional security issues would likely be at risk from the malware.”
One security expert interviewed by Reuters claimed that a similar campaign was found targeting Qatar. In that campaign, attackers used tracking software called Spynote and Revokery that used backdoors similar to Ehdoor.
The Malware is Installed Through Clickbait
Perhaps the most interesting part of this tracking software story is how the malware was spread. Instead of implanting infected USB drives into computers or performing other spy-like techniques, attackers used decoy clickbait articles.
Attackers would send decoy documents related to security issues in South Asia. The documents contained reports from news agencies referring military issues – including conflicts in Kashmir and the Indian secessionist movement.
Using the malware, spies could perform all of the following malicious tracking techniques:
- Upload and download files
- Launch applications and programs
- Log keystrokes
- Identify the target’s location
- Steal personal data
- Take screenshots
The malware was targeted at both PCs and Android devices.
Could This Attack Be North Korea Trying to Steal Nuclear Information?
Any time India and Pakistan are targeted by cyber warfare campaigns, speculation will run wild.
One theory is that North Korea launched the tracking software in an attempt to gain nuclear-related secrets from India and Pakistan, both of which hold nuclear weapons.
The more likely situation, however, is that the campaign was led by China – a country notorious for its cyberwarfare campaigns against countries worldwide. China, India, and Pakistan are all embroiled in border disputes with each other or with other neighboring countries at the moment.
Download Easy-to-Use Phone and SMS Tracking Software Today with SpyStealth
In any case, tracking software like SpyStealth can be used by more than just national security agencies. It can also be used by average individuals seeking to learn more information about a spouse, or concerned parents who just want to keep track of their child. Download SpyStealth today to discover how easy it is to use.