Pakistani Cyber Criminals Targeting Indian Military Personnel in Data Theft Campaign
A group of attackers operating from Pakistan has been targeting Indian military personnel in a data-theft campaign that combines social engineering with malware.
Researchers at Trend Micro, who observed the attacks, have dubbed the operation "C-Major".
The researchers say the attackers sought to steal information on at least 160 military officers, as well as defence attachés, consultants and Indian resellers. The stolen data includes personal photographs, confidential documents, financial records, strategy documents, passport scans and photo IDs.
According to the security firm, the attacks begin with spear-phishing emails sent individually to each target. The emails carry a malicious PDF attachment and are crafted to appear to come from official senders such as India's Ministry of Defence.
Opening the file exploits a vulnerability in Adobe Reader and installs a Trojan on the victim's system. The malware can log keystrokes, steal passwords, record audio, exfiltrate files and capture screenshots.
The researchers note, however, that the attackers are not especially sophisticated: the malware was compiled to MSIL (Microsoft Intermediate Language), the .NET bytecode produced by Visual Studio, which allows the Trojan to be decompiled with very little effort.
According to Trend Micro:
The malware was compiled into an MSIL binary using Visual Studio. This means that the original source code was probably in VB# (Visual Basic .NET) or C# (the .NET version of C++). This also means that the developers weren’t aware that these programs can be decompiled in a trivial manner: the attackers provided the source code for free. No truly sophisticated attacker would have created and compiled their malware in this manner.
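The quoted finding above rests on a triage step analysts perform routinely: checking whether a Windows executable is a .NET/MSIL assembly, because if it is, the IL can be fed straight to a decompiler such as ILSpy or dnSpy and read almost as source. The script below is an added example written for this article, not Trend Micro's tooling and not the attackers' code. It parses the PE headers by hand and reports whether data directory entry 14 (IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, the CLR runtime header) is populated, handling both PE32 and PE32+ layouts. The PE images it inspects are constructed inside the script as test fixtures; they are not real samples from the campaign.

```python
import struct

# Index of the CLR runtime header (IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
# in the optional header's data directory. A non-zero entry means the
# binary carries MSIL rather than native machine code.
COM_DESCRIPTOR_INDEX = 14


def is_dotnet_assembly(data: bytes) -> bool:
    """Return True if `data` is a PE image whose CLR header entry is populated.

    Handles both PE32 (magic 0x10B) and PE32+ (magic 0x20B) optional headers
    and refuses anything truncated or malformed instead of raising.
    """
    # DOS header: 'MZ' magic, e_lfanew (file offset of 'PE\0\0') at 0x3C.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return False

    # COFF file header follows the signature; SizeOfOptionalHeader at +16.
    coff = e_lfanew + 4
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    if size_of_optional < 2 or opt + size_of_optional > len(data):
        return False

    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:      # PE32: DataDirectory begins at opt+96
        dd_offset = 96
    elif magic == 0x20B:    # PE32+: DataDirectory begins at opt+112
        dd_offset = 112
    else:
        return False
    if size_of_optional < dd_offset:
        return False

    # NumberOfRvaAndSizes sits immediately before the data directory.
    (num_dirs,) = struct.unpack_from("<I", data, opt + dd_offset - 4)
    if num_dirs <= COM_DESCRIPTOR_INDEX:
        return False
    entry = opt + dd_offset + COM_DESCRIPTOR_INDEX * 8
    if entry + 8 > opt + size_of_optional:
        return False
    rva, size = struct.unpack_from("<II", data, entry)
    return rva != 0 and size != 0


def build_sample_pe(pe32plus: bool, with_clr_header: bool) -> bytes:
    """Construct a minimal PE header skeleton for testing (constructed fixture,
    not a real or runnable executable)."""
    dd_offset = 112 if pe32plus else 96
    size_of_optional = dd_offset + 16 * 8          # room for 16 directory entries

    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)        # e_lfanew: PE header right after DOS header

    coff = bytearray(20)
    struct.pack_into("<H", coff, 0, 0x8664 if pe32plus else 0x14C)   # Machine
    struct.pack_into("<H", coff, 16, size_of_optional)               # SizeOfOptionalHeader

    opt = bytearray(size_of_optional)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)    # Magic
    struct.pack_into("<I", opt, dd_offset - 4, 16)                   # NumberOfRvaAndSizes
    if with_clr_header:
        # Plausible RVA and size; IMAGE_COR20_HEADER is 0x48 bytes.
        struct.pack_into("<II", opt, dd_offset + COM_DESCRIPTOR_INDEX * 8, 0x2008, 0x48)
    return bytes(dos) + b"PE\0\0" + bytes(coff) + bytes(opt)


if __name__ == "__main__":
    samples = {
        "pe32_dotnet": build_sample_pe(pe32plus=False, with_clr_header=True),
        "pe32plus_dotnet": build_sample_pe(pe32plus=True, with_clr_header=True),
        "pe32_native": build_sample_pe(pe32plus=False, with_clr_header=False),
    }
    for name, blob in samples.items():
        verdict = "MSIL assembly: hand to a .NET decompiler" if is_dotnet_assembly(blob) else "native code"
        print(f"{name}: {verdict}")
```

Point `is_dotnet_assembly` at the bytes of a real sample (`open(path, "rb").read()`) to use it in practice; a True result is the cue that the binary will give up its logic, strings and hard-coded addresses to a decompiler without any reverse engineering of native code.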
The recovered source code also revealed the malware's C&C (command-and-control) servers, and Trend Micro found that those servers held many directories containing roughly 16 GB of stolen data.
One of the C&C addresses was hard-coded into the malware and pointed to a server located in Pakistan. The threat targets both Windows and mobile devices.
Trend Micro cautions, however, that the server's location in Pakistan does not by itself prove that the group operates from Pakistan; there is no conclusive evidence of that.
The researchers nonetheless believe the attackers are based in Pakistan, because malware samples from the campaign were uploaded to VirusTotal many times by user accounts belonging to Pakistani users. They also note that even unsophisticated attackers can succeed in operations like this one.
Trend Micro's report on Operation C-Major concludes: "For those in charge of defending a corporate or organization network, this attack reinforces the fact that any user, regardless of rank or position, is susceptible to becoming the organization's weakest security link. As such, while network defenders should be prepared to help prevent, or minimize the damage of attacks, people who use the said network should likewise be knowledgeable of threats that could possibly come. The need for proper user awareness training is clear."
Last week Google removed a Pakistani app used to spy on the Indian Army. The Indian Army, Navy and Air Force, along with the Central Industrial Security Force (CISF) and the Border Security Force (BSF), were targeted. According to the report, more than 10 fake Facebook profiles were used to lure officers into honey traps.