FireEye reveals new cyber attacks on govt officials
New Delhi: FireEye revealed recent cyber attacks by a suspected Pakistan- based group against Indian government officials. On May 18, 2016, the group registered a fake news website and sent spear phishing emails to Indian government officials. The emails referenced the Indian Government’s 7th Central Pay Commission, a topic of interest among officials. “This is another example of real world tensions reflected in cyberspace. There’s no silver bullet to fend off advanced cyber attacks. It’s critical for Indian organizations to bring together the technology, expertise and threat intelligence necessary to quickly detect and respond to these attacks,” said Bryce Boland, chief technology officer, Asia Pacific, FireEye. The emails sent to government officials were sent from timesofindiaa. in, a fake news domain registered by the attackers. The group attached a malicious Microsoft Word document to the emails, which pretended to be sent by an employee of The Times of India. They requested the recipient open the attachment about the 7th Pay Commission. The attachment is designed to create a backdoor which FireEye calls the Breach Remote Administration Tool. FireEye has not previously observed this malicious tool used by these threat actors. It allows the attacks to download and run new programs, upload files from the victims’ systems to the attackers’ servers, and a variety of other functions. Only one of the recipient email addresses was publicly listed on a website, suggesting that the actor harvested the other non- public addressees through other means.