Pakistan-Linked Hacker Group Exploits COVID-19 Fear To Attack Indians, Posing As The Indian Government

Aadhya Khatri


The same hacker group also carried out an attack targeting Indian diplomats in Kazakhstan and Saudi Arabia, as well as officials in the military, back in 2016

A hacker group with links to Pakistan is pretending to be the Indian government and sending malware-ridden emails to people, most of whom are in India.

These emails mostly contain fake health advisories regarding COVID-19. Those who are tricked into opening the links in the documents will unintentionally give the hackers access to sensitive information stored in the browser, such as passwords, location data, and credit card information.

The malware is called CRIMSON RAT, and it was deployed once in 2016 by the same hacker group to hack Indian diplomats.

Malwarebytes, an anti-malware software developer based in the U.S., reported the attack on March 16. They found the ‘gov.in’ email URL, which may trick recipients into believing that the emails were from the government.

These emails feature an attachment concerning trainees from foreign countries coming to India and how to curb the spread of COVID-19 at training facilities.

Another company, Subex, which keeps an eye on cyber threats, has intercepted suspicious emails from the same hacker group. The latest was on April 9, as stated by Prayukth K.V, the company’s Internet of Things marketing head.

Subex said the email they intercepted was about the response plan for the COVID-19 pandemic. It was from ‘home.min@gov.in,’ which may fool people into believing that the email was from the Home Ministry. However, the department's email addresses end in either ‘nic.in’ or ‘mha.gov.in.’
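The mismatch Subex points out can be checked mechanically. The following is an added example, not part of the original article or any tool from Subex or Malwarebytes: it reads the From header and flags senders that look governmental but do not end in the two domains named above. The allowlist is an assumption taken from the article's statement, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption from the article: Home Ministry addresses end in one of these.
EXPECTED = ("nic.in", "mha.gov.in")
# Label sequences that make a sender look like Indian government mail.
GOV_MARKERS = ("gov.in", "nic.in")


def has_label_run(domain: str, needle: str) -> bool:
    """True if needle's labels appear consecutively anywhere in domain."""
    labels, run = domain.split("."), needle.split(".")
    return any(labels[i:i + len(run)] == run
               for i in range(len(labels) - len(run) + 1))


def verdict(raw_message: str) -> str:
    """Classify the From header as 'expected', 'suspicious' or 'unrelated'."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    # Exact match or a true subdomain; a plain substring test would accept
    # lookalikes such as mha.gov.in.example.com.
    if any(domain == d or domain.endswith("." + d) for d in EXPECTED):
        return "expected"
    looks_gov = (any(has_label_run(domain, m) for m in GOV_MARKERS)
                 or "ministry" in display.lower())
    return "suspicious" if looks_gov else "unrelated"


# Constructed sample messages (only the first address appears in the article).
SAMPLES = {
    "bare_gov_in": 'From: "Home Ministry" <home.min@gov.in>\nSubject: Plan\n\nx',
    "real_suffix": "From: Desk <desk@mha.gov.in>\nSubject: Note\n\nx",
    "lookalike": "From: Desk <desk@mha.gov.in.example.com>\nSubject: Note\n\nx",
    "display_only": 'From: "Ministry of Home Affairs" <a@example.org>\n\nx',
    "ordinary": "From: Friend <friend@clinic.in>\nSubject: Hi\n\nx",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} {verdict(raw)}")
```

A From header can be forged, so an "expected" result only means the address is plausible; SPF, DKIM and DMARC results are what tie a message to the domain it claims.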

The hacker group behind this attack is linked to Pakistan and is known in the cybersecurity community as ProjectM, TEMP.Lapis, Operation Transparent Tribe, Mythic Leopard, and other names.

The same group carried out an attack targeting Indian diplomats in Kazakhstan and Saudi Arabia, as well as officials in the military to steal sensitive data. It was made public by Proofpoint, a cybersecurity company in the U.S.
