India and Pakistan waging a cyberwar over Kashmir intelligence

Cyber security companies have seen a spike in state-backed hacking from both countries

An Indian paramilitary trooper stands guard in front of closed shops during a lockdown in Srinagar on November 22, 2019. / AFP / Tauseef MUSTAFA

India and Pakistan are waging an intensifying cyberwar as their countries try to steal intelligence during their stand-off over Kashmir, experts have said.

Cyber security companies have seen a spike in state-backed hacking from both countries targeting each other's officials, military personnel, businesses and state institutions.

The attacks are quickly growing in sophistication, with hacking groups developing their own tools and also bringing in malicious software from other countries or from criminal gangs, in a cyber arms race.

Both countries' governments also appear to be using similar techniques to target dissidents, activists and journalists within their own borders, according to cyber security companies monitoring the situation.

The sharp increase in online espionage and attacks over the past year has mirrored a real-world military stand-off between the nuclear-armed neighbours over Kashmir. India and Pakistan appeared to come close to war in February, after Delhi launched an air strike in retaliation for a suicide bombing on Indian paramilitary forces that it blamed on Pakistan.

Netscout, a US-based tech company, said it was currently tracking six Indian and three Pakistani advanced persistent threat (APT) groups, which are believed to be state-backed hackers.

A recent threat assessment from the company said that the sheer number of individual campaigns and associated malware samples has "spiked dramatically in recent months".

“Increasing tensions in South Asia have contributed to both countries prioritising intelligence-gathering activities against one another. This has had a domino effect, since neighbouring countries gather intelligence on both in order to keep tabs on the situation.”

While it is often difficult to ascribe cyber attacks to particular countries, the company said it was confident the groups were backed by Delhi and Islamabad and were engaged in “geopolitical skirmishing”.

"We are very confident that they are state sponsored, linked to the governments of both India and Pakistan," Richard Hummel, a threat research manager at Netscout's security division, told The National.

India appeared to run bigger cyber operations, but both sides took part, he said. Indian groups also appeared to target China.

“If you compare the cyber operations, India has a much larger cyber operation than Pakistan does, but you still see this tension back and forth. They are still going to target each other with as much as they can, as often as they can, to gain that leverage.”

The company highlighted four India-linked APTs, nicknamed Lucky Elephant, Donot Team, Patchwork Group and Sidewinder Group, as well as a Pakistani group called Transparent Tribe.

Both sides make heavy use of phishing — trying to dupe targets into opening infected emails, messages or files that will allow the attacker to steal sensitive information like passwords. Android phones are also heavily targeted.

While the rivals' cyber attacks are unsophisticated compared with the longer-standing threats from Russia, Iran and North Korea, they are quickly becoming more adept.

“We are definitely seeing a sharp rise, not just in the volume, but in the capabilities as well,” said Brian Robison of BlackBerry.

“Whether these attackers are getting more mature and improving their capabilities, or maybe they are even leveraging capabilities that they are obtaining from outside the region, we are definitely seeing a growth in sophistication as well as volume.”

BlackBerry last month said it had found two separate cyber spy campaigns targeting Pakistani officials' smartphones. One campaign used fake apps, including a fake porn app, spread by WhatsApp and social media messages. The campaign was run by a state-backed APT nicknamed Bitter.

BlackBerry did not name the state providing the backing, but said Bitter was “known for its relentless espionage campaigns targeting Pakistan”, with lesser targeting of China, India and Saudi Arabia.

Another campaign linked to an APT called Confucius also used fake mobile apps. Other cyber security researchers have suggested Confucius is linked to an Indian cybersecurity firm founded by former Indian military officers.