Spyware Identified, India and Pakistan are Targets: Symantec

Christian Cutler August 28, 2017

A sustained cyber spying campaign with Indian and Pakistani entities as targets has been identified by digital security firm Symantec.

The cyber attack is suspected to be a state-sponsored effort, although the intelligence report did not name any specific nation-state, and indicated that the espionage started in October 2016. Based on the tactics and techniques used, the attack appeared to be the work of several groups with “one similar goal.”

The region is currently in the middle of heated geopolitical tension, as India raised operational readiness along its border with China following a face-off in Bhutan, and as its Kashmir dispute with Pakistan continues to escalate. According to another cybersecurity firm, FireEye, the attack was hardly surprising given the heightened tensions in the region; FireEye called South Asia a “hotbed of geopolitical tensions.”

“Wherever we find heightened tensions we expect to see elevated levels of cyber espionage activity,” FireEye director of threat intelligence Tim Wellsmore said.

According to reports, the attackers used a form of clickbait to install the spyware. Decoy documents with subjects related to security issues in South Asia were used to plant the malware, and these documents were disguised as reports from various news and media outlets. Their subjects included military issues, Kashmir, and the Indian secessionist movement.

If the installation is successful, the malware gives the spies the ability to upload and download files, execute processes, log keystrokes, locate the intended target, steal personal information, and take screenshots. According to Symantec, Android devices are also being targeted.

Reports claimed that the malware utilizes a backdoor called “Ehdoor” in order to penetrate and access files on computers.

Reports also cited a statement by an anonymous security expert, which reads, “There was a similar campaign that targeted Qatar using programs called Spynote and Revokery. They were backdoors just like Ehdoor, which is targeted effort for South Asia.”

In February, India set up a center to help companies and individuals detect and remove malware. The center has since been managed by the Indian Computer Emergency Response Team (CERT-In) and serves as a defense against the recurrent cyber-security infiltrations and incidents in India.

CERT-In Director General Gulshan Rai declined to comment on the attack revealed by the Symantec report, but stated that the agency had taken prompt action when it discovered the backdoor in October, after a Singapore-based group alerted it. Rai did not elaborate on the matter.

According to the Symantec report, investigations indicate that the backdoor was constantly being modified to add “additional capabilities” that benefited the espionage. Reports also cited an anonymous senior official connected to Pakistan’s Federal Investigation Agency, who said the Agency had not received any reports of malware incidents from government information technology departments.

An anonymous FireEye spokesman said that initial reviews of the malware concluded that an internet protocol address in Pakistan had submitted the malware to a testing service.

The Symantec report claimed that the Ehdoor backdoor had already been used before to put government, military, and military-affiliated targets in other regions in the crosshairs of espionage.
