Suspected Pakistani spies use catfishing, stealthy hacking tools to target Indian defense sector
For years, suspected Pakistani hackers have sought to pry their way into Indian government computer networks as part of broader dueling cyber-espionage campaigns between the rival nations.
Over the last 18 months, a spying group known as Transparent Tribe has expanded its use of a hacking tool capable of stealing data and taking screenshots from computers, according to research published Thursday by Talos, Cisco’s threat intelligence unit. Hackers also are going after additional targets beyond Indian military personnel, including defense contractors and attendees of Indian government-sponsored conferences.
Talos did not mention Pakistan in its research, but multiple security researchers told CyberScoop the Transparent Tribe group is suspected of operating on behalf of the Pakistani government. Similarly, research from email security firm Proofpoint has previously linked a Pakistan-based company to the development of the group’s malicious code.
Talos’ findings reflect a relentless appetite for defense-related secrets among hacking groups with suspected links to Pakistan and India, two nuclear-armed neighbors prone to territorial disputes.
Transparent Tribe’s improved capabilities are also a case study in how governments not known for their hacking prowess can evolve. While U.S. officials regularly name China, Russia, Iran and North Korea as the most capable of cyber actors, governments the world over appear to be buying off-the-shelf hacking kits or developing their own tools.
A 2019 study backed by the Department of Homeland Security and the Office of the Director of National Intelligence found that countries such as Vietnam and the United Arab Emirates had made sharp advances in their hacking capabilities in recent years.
“A proliferation and commodification of cyber offensive capabilities is reshaping the cyber balance of power, enabling an expanded array of actors to use cyber for geopolitical impact or economic gain,” said the study, whose authors included government and private-sector executives.
Asheer Malhotra, a Talos threat researcher, said that Transparent Tribe “has become more and more aggressive in terms of targeting, expanding operations and evolving their tactics.”
For example, the group has recently used breached websites to deliver its malicious code to victims, rather than simply embedding the code in an email, according to Talos. That makes the intrusion attempts harder to detect. As of this week, the hackers were using a website that mimics an Indian government benefits portal to try to infect government employees, Malhotra said.
Transparent Tribe has also made a habit of appealing to their targets’ romantic desires. The hackers in 2019 and 2020 sent malware-laced photos of alluring women to targets, according to Talos. India’s defense minister warned about Pakistan’s alleged use of that broader tactic in 2019, and said that young military recruits were trained to spot the subterfuge.
Hackers with suspected ties to India have also repeatedly gone after Pakistani targets. In February, mobile security firm Lookout uncovered a years-long hacking campaign that aligned with Indian interests and sought to bug the phones of people in Pakistan and elsewhere. Among the suspected targets was a job candidate at the Pakistan Atomic Energy Commission.
“This is business as usual from an espionage perspective,” Malhotra said when asked if there was any fluctuation in digital spying that coincided with a spike in tensions between India and Pakistan. “There have always been military and political tensions between the two states since their inception.”
