Hindustan Times ST (Jaipur)

Election officials in Kashmir targeted by hackers: Experts

- Binayak Dasgupta binayak.dasgupta@htlive.com

NEW DELHI: Election officials in Kashmir were hacked by a group that has also typically targeted people linked to India’s adversaries such as Pakistan, cyber security researchers said in a recent analysis after discovering malware and the data that was purportedly stolen from victims’ phones.

The discovery was made by San Francisco-based Lookout, which found the evidence of the campaign sitting in unsecured “command and control” servers with 18GB of data. They have identified the hacking group with the codename Confucius and found two pieces of malware – Hornbill and Sunbird – which were used to hack into the targets, who were lured into installing fake apps made to resemble real ones.

“The titles, icons and functionality appear to be harmless or useful to a potential target, but in reality the applications are surveillance ware and send the target’s personal data to a malicious site that the attacker controls,” said Apurva Kumar, security intelligence engineer at Lookout, in an exchange over email with HT.

The purpose of the hacks was not clear.

The researchers said data such as call logs, SMS messages and WhatsApp conversations were stolen. The findings were made in an analysis published on Thursday and first reported by Bloomberg. The malware was delivered as fake apps disguised as security tools and popular regional chat and dating applications.

The identities of the attackers were not known but based on digital clues, the researchers determined that the developers are possibly based in India. “In particular, links between the Hornbill developers indicate they all appear to have worked together at a number of Android and iOS app development companies registered and operating in or near Chandigarh, Punjab,” Kumar added.

The targets of the group also included people associated with the Pakistan Atomic Energy Commission and individuals with numerous contacts in the Pakistan Air Force, but the researchers also found evidence that Indian election officials were hacked.

“Evidence in the exfiltrated data shows one particular device located in the Pulwama district of Kashmir. In the list of publicly accessible exfiltrated SMS messages, the device received instructions via SMS on logistics for duties of a Booth Level Officer (BLO) in that district. This device also had information on call logs and contact details,” Kumar said.

The spying on the election officials was carried out at least from late 2018 till early 2019, the data from the targets found on the servers suggested.

Kumar described the sophistication of the group’s technical strategies as “medium”. “One characteristic of Hornbill and Sunbird that stands out is their intense focus on exfiltrating a target’s communications via WhatsApp,” she said, adding that the malware could also record calls made through WhatsApp and execute specified commands on an infected device.

HT reached out to the Election Commission and the Ministry of Home Affairs but there was no immediate response on the report.

The use of fake applications with names and icons similar to legitimate ones has been of concern. Indian security officials last year warned of similar attempts using fake Aarogya Setu versions.

Experts at the time recommended that people should only install apps they know and download from the Google Play Store or Apple’s App Store.
