Pakistan-based hackers targeted power sector, govt organisation in India

Pakistan-based hackers targeted critical infrastructure of the power sector and one government organisation in India earlier this year using a new malware, said Black Lotus Labs, a threat intelligence arm of US-based Lumen Technologies.

The attackers installed a new kind of Remote Access Trojan (RAT), a program that enables covert surveillance and unauthorised access to victims' computers. The hackers used India-based compromised domain URLs.

Speaking exclusively to India Today TV, Micheal Benjamin, Vice President of Product Security at Lumen Technologies-Black Lotus Labs, said, “There were a number of indicators suggesting how the campaign was carried out that led us to believe that the individuals were located in Pakistan. And from the network telemetry and network visibility that we have, we were able to ascertain that the targeting was very Indian specific, focused on power companies as well as a single government entity.”

The RAT gave the attackers access to the IT network of the power companies, but it is not known whether the Operations Technology (OT) networks, used for running the power operations, were affected, Benjamin said.

“The IP address assigned to the hacker groups belongs to Pakistani mobile data operator CMPak Limited, popularly known as Zong 4G in Pakistan. The mobile operator is a 100 percent owned subsidiary of China Mobile Communications Corporation,” Benjamin said.
