Cyber security firm Symantec has revealed that it has identified a cyber spying campaign against Pakistan and India, which is likely to be a state-sponsored campaign against both nations following regional security issues.
In a threat intelligence report sent to clients in July, Symantec said the online spying started back in October 2016.
The report, which was reviewed by Reuters, claims that the espionage seems to be the work of several groups with similar goals, probably state-sponsored spying groups; however, it did not name any state as being involved.
The detailed report comes at a time of escalating tensions in the region: between India and China on the border, and between Pakistan and India over the Kashmir issue.
Symantec does not publicly comment on the malware report, investigation and analysis, and it also claims that it could not identify the likely sponsor of the campaign. However, Symantec has warned governments and militaries in the South Asian region that they are at risk of leaking sensitive information stored on their computers. The malware uses the “Ehdoor” back door to access files on the computer.
A Symantec spokesperson said there was a similar campaign in the past that targeted Qatar; in that campaign, the Spynote and Revokery programs were used.
According to Symantec, the malware was installed using decoy documents related to security in South Asia. The reports, from Reuters, Hindu News, and Zee News, were related to Kashmir, military issues, and the Indian secessionist movement.
The spy malware allows spies to upload and download files, initiate processes, log keystrokes, identify the location, take screenshots and steal personal data. The malware is equally effective against computers and Android devices.
In response to a previous spy malware report dating back to February, both the Indian and Pakistani governments declined to comment. The current report says the malware is capable of being continuously modified to provide additional capabilities for spying operations. A senior official of Pakistan’s FIA said previously that it had not received any incident reports from government IT departments.
Another cyber security firm, FireEye, said the espionage efforts in the region are not new, and that it has witnessed quite a few campaigns in the past due to the geopolitical tensions in the region. According to the Symantec report, the “Ehdoor” back door was first used in late 2016.