Russian Hackers Steal Indian Military Secrets From Pakistani Cyber Spies

Hackers linked to Russian intelligence have stolen Indian military data from cyber spies believed to be working on behalf of the Pakistani state, according to an assessment by Microsoft researchers. All those involved are part of what are known as "advanced persistent threat" (APT) organizations in their respective countries.  TechTarget defines "Advanced Persistent Threat (APT) as "a prolonged, targeted cyber attack that involves an attacker gaining and maintaining unauthorized access to a network for an extended period". The goal of an APT is to steal sensitive data, rather than cause damage to the network or infect systems with malware. It is harder to defend against such intrusions than to attack. 


In a recent blog post, Microsoft researchers have discussed how Russian FSB's Secret Blizzard APT has breached a Pakistan-based threat activity cluster called Storm-0156 ATP to steal India's military secrets gathered by Pakistani intelligence. Since then, researchers from Microsoft and Black Lotus Labs say, Secret Blizzard has been able to leech off of Storm-0156's cyberattacks, accessing sensitive information from various Afghani government agencies and Indian military and defense targets. 

State actors in India and Pakistan are known to target each other for cyber espionage. Last year, the Pakistani government warned its officials about a number of India-linked APT groups, including PatchWork and Sidewinder, targeting Pakistan. Some Indian ATP groups also target China. 

Some Pakistani APTs targeting India have also been revealed in recent years. Among these are SideCopy and Transparent Tribe

Given the cyberthreat landscape in South Asia, Pakistan is trying to improve its cybersecurity posture, steering $18 million in funding for cybersecurity research and adding $36 million to its budget to develop better cybersecurity technical capabilities. 

International Telecommunications Union (ITU) has ranked Pakistan (score 96.69/100) among top tier countries for cybersecurity in 2024.  Out of a maximum score of 20, Pakistan received 20 for legal measures, 18.21 for technical measures, 20 for organization measures, 20 for capacity development and 18.48 for cooperative measures, according to the Global Cybersecurity Index 2024 report released by the ITU. 

Pakistan Cybersecurity Scores 2024. Source: ITU

Pakistan's tier one cybersecurity ranking is a big improvement from its 79th rank (score 64.88 from 100) it got in the cybersecurity ranking by the ITU in 2020. Four years ago, Pakistan scored 15.97 on legal measures, 12.26 on technical measures, 11.01 on organizational measures, 17.25 on capacity development and 8.38 on cooperative measures. 

Increasing penetration and rapid growth of the Internet user base in Pakistan has brought in a lot of user complaints of bullying and fraud, necessitating government action, including new legislation and capacity building to fight cyber crimes. 

Pakistan Telecom Indicators as of July 2024. Source: PTA


In 2018, Pakistan launched its National Center for Cyber Security (NCCS) as a joint project of Higher Education Commission (HEC) and the Federal Planning Commission. The Center includes several Research and Development (R&D) Labs at Pakistani universities. These universities have been given the mandate to establish NCCS affiliated Labs in different specialties of cybersecurity under the Center's secretariat.  Earlier this year, Pakistan's economic coordination committee (ECC), a ministerial level body, allocated $36 million for work on cybersecurity measures. 

Like many other nations, the cybersecurity threats in Pakistan include hacking, identity theft, cyber-bullying, cyberstalking, spoofing, financial frauds, digital piracy, viruses and worms, malicious software, money laundering, denial of service attacks, electronic terrorism, vandalism, and pornography. 

Pakistan has passed a cybercrime bill and established a National Response Center for Cyber Crime (NR3C).  NR3C has expertise in Digital Forensics, Technical Investigation, Information System Security Audits, Penetration Testing and Training. Since its inception, it has been involved in capacity building in various departments including Police, Intelligence, Judiciary and Prosecutors. Cyber Scouts is the latest initiative of NR3C, in which, selected students of different private/public schools are trained to deal with computer emergencies and increasing awareness of cyber threats amongst their fellow students, teachers and parents.

Comments

Riaz Haq said…
Pakistan-Linked Hackers Expand Targets in India with CurlBack RAT and Spark RAT

https://thehackernews.com/2025/04/pakistan-linked-hackers-expand-targets.html

A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family called CurlBack RAT.

The activity, detected by SEQRITE in December 2024, targeted Indian entities under railway, oil and gas, and external affairs ministries, marking an expansion of the hacking crew's targeting footprint beyond government, defence, maritime sectors, and universities.

"One notable shift in recent campaigns is the transition from using HTML Application (HTA) files to adopting Microsoft Installer (MSI) packages as a primary staging mechanism," security researcher Sathwik Ram Prakki said.

SideCopy is suspected to be a sub-cluster within Transparent Tribe (aka APT36) that's active since at least 2019. It's so named for mimicking the attack chains associated with another threat actor called SideWinder to deliver its own payloads.

In June 2024, SEQRITE highlighted SideCopy's use of obfuscated HTA files, leveraging a technique previously observed in SideWinder attacks. The files were also found to contain references to URLs that hosted RTF files identified as used by SideWinder.

The attacks culminated in the deployment of Action RAT and ReverseRAT, two known malware families attributed to SideCopy, and several other payloads, including Cheex to steal documents and images, a USB copier to siphon data from attached drives, and a .NET-based Geta RAT that's capable of executing 30 commands sent from a remote server.

The RAT is equipped to steal both Firefox and Chromium-based browser data of all accounts, profiles, and cookies, a feature borrowed from AsyncRAT.

"APT36 focus is majorly Linux systems whereas SideCopy targets Windows systems adding new payloads to its arsenal," SEQRITE noted at the time.

The latest findings demonstrate a continued maturation of the hacking group, coming into its own, while leveraging email-based phishing as a distribution vector for malware. These email messages contain various kinds of lure documents, ranging from holiday lists for railway staff to cybersecurity guidelines issued by a public sector undertaking called the Hindustan Petroleum Corporation Limited (HPCL).

One cluster of activity is particularly noteworthy given its ability to target both Windows and Linux systems, ultimately leading to the deployment of a cross-platform remote access trojan known as Spark RAT and a new Windows-based malware codenamed CurlBack RAT that can gather system information, download files from the host, execute arbitrary commands, elevate privileges, and list user accounts.

A second cluster has been observed using the decoy files as a way to initiate a multi-step infection process that drops a custom version of Xeno RAT, which incorporates basic string manipulation methods.

"The group has shifted from using HTA files to MSI packages as a primary staging mechanism and continues to employ advanced techniques like DLL side-loading, reflective loading, and AES decryption via PowerShell," the company said.

"Additionally, they are leveraging customized open-source tools like Xeno RAT and Spark RAT, along with deploying the newly identified CurlBack RAT. Compromised domains and fake sites are being utilized for credential phishing and payload hosting, highlighting the group's ongoing efforts to enhance persistence and evade detection."
April 14, 2025 at 8:34 PM
Post a Comment

Popular posts from this blog

Pakistani Women's Growing Particpation in Workforce

Image
While Fareed Zakaria, Nick Kristoff and other talking heads are still stuck on the old stereotypes of Muslim women, the status of women in Muslim societies is rapidly changing, and there is a silent social revolution taking place with rising number of women joining the workforce and moving up the corporate ladder in Pakistan. "More of them(women) than ever are finding employment, doing everything from pumping gasoline and serving burgers at McDonald’s to running major corporations", says a report in the latest edition of Businessweek magazine . Beyond company or government employment, there are a number of NGOs focused on encouraging self-employment and entrepreneurship among Pakistani women by offering skills training and microfinancing . Kashf Foundation led by a woman CEO and BRAC are among such NGOs. They all report that the success and repayment rate among female borrowers is significantly higher than among male borrowers. In rural Sindh, the PPP-led govern...
Read more

Pakistan Among World's Largest Food Producing Countries

Image
Pakistan's agriculture output is the 10th largest in the world. The country produces large and growing quantities of cereals, meat, milk, fruits and vegetables. Currently, Pakistan produces about 38 million tons of cereals (mainly wheat, rice and corn), 17 million tons of fruits and vegetables, 70 million tons of sugarcane, 60 million tons of milk and 4.5 million tons of meat.  Total value of the nation's agricultural output exceeds $50 billion.  Improving agriculture inputs and modernizing value chains can help the farm sector become much more productive to serve both domestic and export markets.   Top 10 Countries by Agriculture Output. Source: FAO Pakistan has about 36 million hectares of land under cultivation. Wheat and rice are grown on more than half of it. Fruits and vegetables each account for only about 3% of the cultivable land.  Since year 2001, the country's cereal production, mainly wheat, corn and rice, has grown about 45% to  38 million tons...
Read more

Pakistan's Saadia Zahidi Leads World Economic Forum's Gender Parity Effort

Image
Pakistan-born, Harvard-educated economist Ms. Saadia Zahidi, author of "50 Million Rising" , is currently a member of the executive committee and the head of Education, Gender and Work at the World Economic Forum , Davos, Switzerland. She told Kai Ryssdal of APR Marketplace of her visit to a gas field in Pakistan with her geophysicist father where she met Nazia, a woman engineer who inspired her. Saadia Zahidi The "50 Million" in the title of her book refers to the 50 million Muslim women who have joined the work force over the last 15 years bringing the total number of working women in the Muslim world to about 155 million. In her book, Saadia talks about her father being the first in his family to go to university. He believed in girls' education and career opportunities. She recalls him suggesting that "my sister could become a pilot because the Pakistan Air Force had just starting to train women. Another time he speculated that I could become a...
Read more