New tech tools have given cyber warfare targeting India and emanating from China and Pakistan new fangs. According to a recent threat report of Meta, the parent company of Facebook, state-linked hackers in Pakistan have been spying on military personnel in India using fake apps and websites to compromise their personal devices.

New Delhi-based portal www.dfrac.org that keeps track of cyber espionage against India shared with India Narrative the findings of the said Meta report.

Espionage is one of three South Asian operations included in Meta’s quarterly adversarial threat assessment, along with those of the Bahamut and Patchwork APT groups, all of which appear to have focused on intelligence gathering. The company did not name the Pakistan-based organisation though.

An Advanced Persistent Threat (APT) is a stealthy threat actor, typically a state or state-sponsored group, which gains unauthorised access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.

According to APT’s operational strategy, a hacker or hacker group can create accounts with fake individuals in various locations and almost completely avoid detection. In fact, according to the report, they operate on a “social engineering” model.

According to the report, cyber security experts have caught hacker groups creating fake accounts that involve “creating fictitious personas with ulterior motives on the Internet to withstand surveillance of their targets, platforms and researchers.”

While the Pakistan-based gang claimed to be women seeking personal relationships to defraud victims, some accounts claimed to be recruiters, journalists or military officials, according to Meta.

The new code model dictates that the Pakistani code gang can avoid the cost of creating sophisticated malware because it focuses on socially manipulating people by inducing them to click on malicious links or exchanging important information with a fake identity.

The researchers found that “cheaper and less sophisticated malware can be very effective at targeting people when used in conjunction with social engineering.”

Some custom desktop programs developed by hackers were not malicious, but were later used to send malware directly to targets. The hacking group, known in the industry for using the GravityRAT spyware described by Cisco and Kaspersky, has been active since 2015, Meta says in its report.

Kashmir is an obvious target for hackers from or on behalf of Pakistan. According to the Meta report, new age hackers are specifically targeting soldiers, government employees and activists by attacking their cyber operations.

The Meta report says that cybersecurity experts discovered a code group called Bahamut APT that targeted Pakistan and India, including the Kashmir region.  Meta added that it is taking action against 110 Facebook and Instagram accounts linked to the hacking group.

Militants, activists and minority groups in Pakistan, India, Bangladesh, Sri Lanka, the Tibetan region and China have also been targeted by the Patchwork APT campaign, another dangerous front opened by hired hackers.

Although unlike the Pakistan-based gang, The Patchwork’s programs had rudimentary malicious functionality that depended on programme permissions granted by the end user, they were successfully submitted to the Google Play Store.

Indian Army raising new units to counter China, Pak in cyber warfare

Read @ANI Story | https://t.co/3kKGs7kEKw#IndianArmy #China #Pakistan #Cyberwarfare pic.twitter.com/RDPFsolNNM

— ANI Digital (@ani_digital) April 27, 2023

India wakes up to new cyber threats

India has established the Defence Cyber Agency to combat cyber warfare originating in any form. The agency conducted the cyber defence exercise in the last week of May after US cyber experts found Chinese sleeper malware in Australia and Japanese networks as part of Quad cybersecurity cooperation.

“This malware is normally injected into the critical network and made to lie dormant for years. The bug is then activated by China any time it chooses to cripple the critical infrastructure or extract information,” one of the officials was quoted by the Hindustan Times as saying during the commencement of the exercise.

It is understood that the November 23, 2022, cyberattack on five servers of AIIMS in Delhi was engineered by China-based hackers and the cyber post-mortem of the attack showed that the malware or the bug to steal medical records was planted in the servers way back in 2014.

While the Indian national security agencies and tri-services network are protected by air gap and stand-alone servers, the Union government servers under the National Informatics Centre (NIC) have, nevertheless been cyber-attacked by India’s adversaries to glean confidential information and intelligence through planted malware, illustrating the necessity to push resources and talent in the cyber domain.