Cyber analysts in Norway on Tuesday claimed that hackers based in India have been targeting government and military agencies in Pakistan for the last three years and extracting information of national security interest to India.
The “sophisticated” attacks originated from an extensive, “non-state” cyber-attack infrastructure and used decoy links, including those that referred to this year’s beheading incident on the Line of Control (LoC) and rebel movements in the northeast, as bait, the Oslo-based Norman Shark group said in a report.
The alleged cyber-attack network — referred to as Operation Hangover in the report — was apparently unearthed as cyber analysts investigated an industrial espionage attack on the Norwegian telecom firm Telenor.
The report did not identify the Pakistani agencies that were targeted but hinted that these included several sensitive military targets that would be of interest to India. The primary goal of the network seemed to have been surveillance against national security interests.
The report said there was no evidence of “state sponsorship” for Operation Hangover. However, the report named several private Indian hacker groups, including those based in New Delhi, as being behind the attack.
The hackers allegedly exploited vulnerabilities in software to plant Trojans in computers across the world, primarily in Pakistan, that then extracted information and sent it back over the Internet.
There were no details yet on how much data might have been leaked, but the report claimed that the network became active in 2010 and peaked last year. Alarmingly, the report said that the group was still active.
“Based on analysis of IP addresses collected from criminal data stores discovered during the investigation, it appears that potential victims have been targeted in over a dozen countries, most heavily represented by Pakistan, Iran, and the United States. Targets include government, military and civilian organisations,” the report said.
The Trojans planted by the network were inadvertently downloaded by users who viewed files or photographs pertaining to Indian military and rebel movements. A Pakistan government site was infected, for example, after a picture of soldiers praying near the Siachen glacier was downloaded, the report claimed.
Another link that was allegedly used for infection was an article and satellite image of the Mendhar area on the LoC that saw heightened tension early in 2013 after the alleged beheading of an Indian soldier by Pakistani army regulars.