Cyber-security firm Symantec has discovered a sustained 'state-sponsored' cyber spying campaign against arch rivals India and Pakistan, Reuters reported on Monday.
Symantec reportedly sent its threat intelligence report to clients in July, noting that the espionage attempts dated back to October 2016. The campaign is apparently the work of several groups, but the tactics and techniques used suggested that the groups were operating with “similar goals or under the same sponsor”, probably a nation state, as per the report. However, no nation has been named.
“Symantec did not identify the likely sponsor of the attack. But it said that governments and militaries with operations in South Asia and interests in regional security issues would likely be at risk from the malware. The malware utilizes the so-called ‘Ehdoor’ back door to access files on computers,” said the Reuters report.
The report further adds that the attackers use decoy documents related to security issues in South Asia to install the malware. These documents included reports from Reuters, Zee News, and The Hindu, which were related to military issues, Kashmir, and the Indian secessionist movement.
Once installed, the malware essentially allows spies to upload or download files, carry out processes, log keystrokes, identify the target’s location, steal personal data, and take screenshots. The malware is also being used to target Android devices, according to Symantec.