29 September 2023

Pakistani cyber attackers using country domain code to target Indian defense personnel

AIHIK SUR

The Indian government has released a cybersecurity advisory cautioning that Indian defence personnel are being targeted by Pakistani cyber attackers. These attackers are reaching out to their targets using websites registered under the .IN domain.

Cyber threat actors are constantly devising new methods to target potential victims, and this is one of their most recent tactics.

Moreover, this tactic is significant because .IN is India's country code top-level domain, which makes it harder for people to discern where a website is being operated and by whom.

According to the advisory accessed by Moneycontrol, these websites are being hosted by Pakistan-based malicious actors, and are being used "to trap Indian defence personnel".

This comes at a time when various branches of the Indian defense, including the Indian Navy, have been targeted by threat actors.

For instance, Defence Research and Development Organisation (DRDO) employees were targeted with malware that came under the guise of honey trap prevention guidance. Recently, the Indian Navy also said that its personnel's families were being targeted by cybercriminal groups in a bid to extract sensitive information from them.

The recent advisory listed several websites which the government suspects of being hosted by Pakistani threat actors. They include, among others:
  • coorddesk.in
  • ksboards.in
  • coordbranch.in
  • ksbpanel.in

The advisory said that the government is conducting further research to identify more such domains. These domains can be used to launch phishing attacks against the Armed Forces.

The advisory recommended that employees block these URLs and that all personnel be sensitised regarding such websites. "Download applications only from trusted websites," it read.

Earlier, Moneycontrol had reported how another Indian defence body warned its employees of DogeRAT malware, which, once it infects a device, can steal information from a smartphone, capture photos on the device and so on.

According to the advisory, the malware was being circulated by a cybercriminal group over Telegram under the guise of legitimate applications such as ChatGPT, the Opera Mini browser, premium versions of YouTube, and other popular apps and websites.
