U.S.-based cyber-security and malware analysis firm FireEye has now issued a report, revealing that a Pakistan-based firm, with close ties to the Pakistani Government, had attacked Indian Government’s and defence establishment’s computers, in a major cyber attack within the past two years.
The report, which is a result of a two-year investigation carried out by FireEye, further reveals that the accused Pakistani firm had used U.S.-leased hosting services to carry the cyber-attack. The report adds on that the attacks are still pretty much active, even though Indian government denied any knowledge of this.
Dr. Gulshan Rai, Dir.Gen. of CERT-In, told Economic Times,
It is incorrect. We have only seen cases of website hacking. However, they hold only public data.
However, certain senior official from the administration, has told ET that India’s defence establishments had indeed been targeted but said the attackers could not be traced. The official adds,
We have seen many such attacks targeting Indian government and defence establishments, but in cyber space it is very hard to ascertain the actual source.
FireEye has accused a Pakistani firm by the name of Tranchulas, based out of Islamabad, which has repeatedly claimed of helping Pakistani Government to prepare for a war with India on the cyber front. d
Detailing as to how the attacks were carried out, FireEye says in its report, that the Paksitani firm flooded Indian officials’ e-mail accounts with subject lines, carrying the words ‘Sarabjit Singh’, ‘Devyani Kobragade’, `Salary hikes for government employees’ etc., to lure the officials into opening those mails.
These mails, which carried malicious software within them, were then used to get into Government computers, to leak out any possible detail out of them. The malware identified by FireEye has been ac tive since early 2013 with the name of a Tranchulas employee, Umair Aziz, in its code.
Michael Oppenheim, a threat intelligence analyst at FireEye says,
Once we confronted Tranchulas, the malware was modified and all references to the company were removed and replaced with some strings with Cert-In (Indian computer emergency response team) to masquerade themselves and show that the attacks were being carried out by Indian Cert
