A Pakistan-based group is suspected to be behind cyber attacks on Indian government officials, luring them with emails referencing the seventh Central Pay Commission, a software security firm has claimed.
“On May 18, 2016, the group registered a fake news website and sent spear phishing emails to Indian government officials. The emails referenced the Indian government’s seventh Central Pay Commission, a topic of interest among officials,” security firm FireEye said in a statement.
The emails to officials were sent from timesofindiaa.in, a fake news domain registered by the attackers, it added.
The group attached a malicious Microsoft Word document to the emails, which purported to come from an employee of a leading publication. The emails asked the recipient to open the attachment about the seventh Pay Commission.
The attachment is designed to create a backdoor, which FireEye calls the Breach Remote Administration Tool (BreachRAT).
It allows the attackers to download and run new programmes, upload files from the victims’ systems to the attackers’ servers and perform a variety of other functions.
“FireEye has not previously observed this malicious tool used by these threat actors... Only one of the recipient email addresses was publicly listed on a website, suggesting that the actor harvested the other non-public addressees through other means,” the statement said.
The suspected Pakistan-based threat group has been active for several years, conducting suspected intelligence collection operations against South Asian political and military targets, it added.
The group is the same one that FireEye revealed in March to have conducted cyber attacks against Indian targets and Pakistani dissidents since 2013, it said.