Security News

Hackers use modified MFA tool against Indian govt employees
2022-03-29 16:29

A new campaign from the hacking group tracked as APT36, aka 'Transparent Tribe' or 'Mythic Leopard,' has been discovered using new custom malware and entry vectors in attacks against the Indian government. The particular threat actor has been active since at least 2016, based in Pakistan, and its targets have historically been almost exclusively Indian defense and government entities.

Hackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers
2022-02-11 03:49

A previously unknown hacking group has been linked to targeted attacks against human rights activists, human rights defenders, academics, and lawyers across India in an attempt to plant "incriminating digital evidence." Cybersecurity firm SentinelOne attributed the intrusions to a group it tracks as "ModifiedElephant," an elusive threat actor that's been operational since at least 2012, whose activity aligns sharply with Indian state interests.

New CapraRAT Android Malware Targets Indian Government and Military Personnel
2022-02-07 05:34

A politically motivated advanced persistent threat group has expanded its malware arsenal to include a new remote access trojan in its espionage attacks aimed at Indian military and diplomatic entities. Called CapraRAT by Trend Micro, the implant is an Android RAT that exhibits a high "degree of crossover" with another Windows malware known as CrimsonRAT that's associated with Earth Karkaddan, a threat actor that's also tracked under the monikers APT36, Operation C-Major, PROJECTM, Mythic Leopard, and Transparent Tribe.

U.S. Authorities Charge 6 Indian Call Centers Scamming Thousands of Americans
2022-02-04 01:35

A number of India-based call centers and their directors have been indicted for their alleged role in placing tens of millions of scam calls aimed at defrauding thousands of American consumers. The indictment charged Manu Chawla, Sushil Sachdeva, Nitin Kumar Wadwani, Swarndeep Singh, Dinesh Manohar Sachdev, Gaje Singh Rathore, Sanket Modi, Rajiv Solanki and their respective call centers for conspiring with previously indicted VoIP provider E Sampark and its director, Guarav Gupta, to forward the calls to U.S. citizens.

Researchers Detail How Pakistani Hackers Targeting Indian and Afghan Governments
2021-12-03 05:54

A Pakistani threat actor successfully socially engineered a number of ministries in Afghanistan and a shared government computer in India to steal sensitive Google, Twitter, and Facebook credentials from its targets and stealthily obtain access to government portals. Malwarebytes' latest findings go into detail about the new tactics and tools adopted by the APT group known as SideCopy, which is so-called because of its attempts to mimic the infection chains associated with another group tracked as SideWinder and mislead attribution.

Indian bank smacks down allegation it exposed 180 million customers' accounts
2021-11-23 01:58

India's Punjab National Bank has smacked down a security firm's allegation that it exposed personal and financial data of its 180 million customers - but appears to have admitted its Exchange Server implementation wasn't in tip-top shape. In the same report, the Bank admitted that it uses Exchange, but the allegedly unpatched servers were only used to route mail to Office365 and contain no sensitive data.

Indian securities depository exposed 44 million investors' personal info – twice
2021-11-09 04:58

Indian infosec consultancy CyberX9 claims it twice found records of 43.9 million shareholders exposed by systems operated by Central Depository Services Limited - and that the depository company responded slowly to its alerts of significant vulnerabilities. CyberX9 has alleged that CDSL exposed data describing even more customers, with full names, tax department ID numbers, marital status, date of birth, nationality, residential address, email address, occupation details, and even the names of spouses and parents leaked.

Indian-Made Mobile Spyware Targeted Human Rights Activist in Togo
2021-10-11 10:00

A prominent Togolese human rights defender has been targeted with spyware by a threat actor known for striking victims in South Asia, marking the hacking group's first foray into digital surveillance in Africa. Amnesty International tied the covert attack campaign to a collective tracked as "Donot Team", which has been linked to cyber offensives in India and Pakistan, while also identifying apparent evidence linking the group's infrastructure to an Indian company called Innefu Labs.

Air gaps have been 'shattered', says new Indian policy on power sector security
2021-10-08 04:58

India has announced a new security policy for its power sector and specified a grade of isolation it says exceeds that offered by air gaps. "The much hyped air gap myth between information technology and operational technology systems now stands shattered," the policy states, before going on to offer a slightly odd definition of an air gap.

SideCopy Hackers Target Indian Government Officials With New Malware
2021-07-11 21:39

A cyber-espionage group has been observed increasingly targeting Indian government personnel as part of a broad campaign to infect victims with as many as four new custom remote access trojans, signaling a "boost in their development operations." First documented in September 2020 by Indian cybersecurity firm Quick Heal, SideCopy has a history of mimicking infection chains implemented by the Sidewinder APT to deliver its own set of malware - in an attempt to mislead attribution and evade detection - while constantly retooling payloads that include additional exploits in its weaponry after a reconnaissance of the victim's data and environment.