Escalating Cyber Threats: Pakistan-Based Hackers Target Indian Government Systems Amid Elections

As India approaches the final phase of its general elections, a new threat looms over the nation’s cybersecurity landscape. Cybersecurity experts have uncovered a surge in cyberattacks originating from Pakistan, specifically targeting crucial Indian government and military entities. This alarming escalation highlights the need for heightened vigilance and robust cybersecurity measures to protect national security and democratic processes.

APT Groups: The Orchestrators of Cyber Threats
Seqrite, the enterprise arm of Quick Heal Technologies, has reported an increase in cyberattacks by Pakistan-linked Advanced Persistent Threat (APT) groups. Leading this offensive is SideCopy, a notorious Pakistan-based APT group known for its persistent targeting of South Asian countries. Since 2019, SideCopy has focused on compromising Indian defense and government organizations.

APT attacks are meticulously planned and executed to infiltrate target organizations while evading existing security measures. Seqrite identified three distinct campaigns by SideCopy, each deploying two instances of the AllaKore remote access trojan (RAT) as the final malicious payload.

The Role of Transparent Tribe (APT36)
Another key player in these cyber offensives is Transparent Tribe, also known as APT36. This parent APT entity of SideCopy has been relentlessly targeting India since its emergence in 2013. Transparent Tribe uses advanced variants of the Crimson RAT, a sophisticated .NET-based remote access tool designed for extensive system control and persistent access.

"The intensifying cyberattack campaigns spearheaded by these Pakistani APT groups represent a severe and escalating threat to our national security, especially in light of the ongoing general elections," a Seqrite report emphasized. This highlights the urgent need for a coordinated and proactive cybersecurity posture across all critical infrastructure to safeguard the integrity of India’s democratic processes.

Modus Operandi: How the Attacks Unfold
The infection chains of these attacks typically begin with carefully crafted spear-phishing emails containing malicious attachments or links. These emails exploit vulnerabilities to gain initial footholds within target networks. Once compromised, these entry points are leveraged to deploy an array of malware payloads, including the AllaKore and Crimson RATs. These tools grant attackers extensive remote control and unfettered access to infected systems.

A Call for Robust Cybersecurity Measures
The persistent targeting of Indian government and defense entities by Pakistani APT groups is not a new phenomenon. However, the recent surge in attack volumes and the increasing sophistication of their Tactics, Techniques, and Procedures (TTPs) represent a substantial escalation in the evolving cyber threat landscape.

Seqrite strongly advises organizations, particularly those involved in the electoral process, to prioritize robust cybersecurity measures immediately. Recommended actions include:

Regular Software Updates: Ensuring all systems are up-to-date with the latest security patches.
Advanced Email Filtering and Web Security Solutions: To mitigate phishing attempts and malicious web content.
Comprehensive Security Awareness Training: Educating employees to identify and mitigate social engineering tactics.
Multi-Factor Authentication Mechanisms: To enhance access security.
Regular Security Assessments and Penetration Testing: To identify and address vulnerabilities.
Comprehensive Incident Response Plans: To minimize the impact of successful breaches.
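The infection chain described under "Modus Operandi" (a spear-phishing lure carrying a malicious attachment or link) and the "Advanced Email Filtering" recommendation above both come down to the same defensive check: inspect an inbound message for a look-alike sender domain, look-alike links and executable content hiding behind a harmless-looking filename. The script below is an added example written for this page; it is not from the article, from Seqrite or from any product. It uses only the Python standard library, and the trusted domain example-gov.in, the risky-extension list and the sample message are all constructed for illustration.

```python
"""Screen an inbound e-mail for spear-phishing indicators (added example).

Assumptions, none of which come from the article: TRUSTED_DOMAINS is a
hypothetical organisation domain, RISKY_EXTENSIONS is a constructed list,
and SAMPLE_EMAIL is a constructed message with a harmless payload.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains the (hypothetical) organisation treats as its own.
TRUSTED_DOMAINS = {"example-gov.in"}

# Attachment extensions commonly used to deliver droppers (constructed list).
RISKY_EXTENSIONS = {
    ".exe", ".scr", ".lnk", ".hta", ".js", ".vbs", ".wsf", ".iso", ".img",
    ".zip", ".rar", ".7z", ".docm", ".xlsm", ".pptm",
}

HREF_RE = re.compile(r'href\s*=\s*"([^"]+)"', re.IGNORECASE)

# Constructed lure: look-alike sender, look-alike link, double-extension
# attachment whose decoded bytes start with "MZ" (here just the text "MZdummy").
SAMPLE_EMAIL = """\
From: Helpdesk <helpdesk@examp1e-gov.in>
To: officer@example-gov.in
Subject: Updated circular for review
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"

<p>Please review the attached circular or open it <a href="http://examp1e-gov.in/circular">here</a>.</p>
--B1
Content-Type: application/octet-stream; name="Circular_2024.pdf.scr"
Content-Disposition: attachment; filename="Circular_2024.pdf.scr"
Content-Transfer-Encoding: base64

TVpkdW1teQ==
--B1--
"""


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain):
    """'trusted', 'lookalike' (within 2 edits of a trusted domain) or 'external'."""
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    if any(edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        return "lookalike"
    return "external"


def triage_message(raw):
    """Return a list of (severity, reason) findings for a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Sender domain: a near-miss of the organisation's own domain is the
    #    strongest single indicator of a targeted lure.
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if classify_domain(sender_domain) == "lookalike":
        findings.append(("high", f"sender domain {sender_domain} resembles a trusted domain"))

    # 2. Links in HTML bodies: apply the same look-alike test to each href.
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            for href in HREF_RE.findall(part.get_content()):
                host = urlparse(href).hostname or ""
                if classify_domain(host) == "lookalike":
                    findings.append(("high", f"link to look-alike domain {host}"))

    # 3. Attachments: risky extension, double extension, and PE magic bytes
    #    regardless of what the filename claims.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        lower = name.lower()
        ext = lower[lower.rfind("."):] if "." in lower else ""
        if ext in RISKY_EXTENSIONS:
            findings.append(("high", f"attachment {name} has risky extension {ext}"))
        if lower.count(".") >= 2:
            findings.append(("medium", f"attachment {name} uses a double extension"))
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"MZ":
            findings.append(("high", f"attachment {name} is a Windows executable (MZ header)"))
    return findings


if __name__ == "__main__":
    for severity, reason in triage_message(SAMPLE_EMAIL):
        print(f"[{severity}] {reason}")
```

The three checks are deliberately independent: an executable renamed to .pdf passes the extension test but still trips the MZ check, and a clean attachment from a look-alike domain is still flagged on the sender alone. In practice the findings feed a quarantine or alerting decision rather than a hard block, so that the security-awareness side of the recommendations (users reporting suspicious mail) can confirm what the filter surfaced.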
As the cybersecurity landscape continues to evolve, proactive measures are crucial in defending against sophisticated cyber threats. The escalating cyberattacks from Pakistani APT groups serve as a stark reminder of the importance of cybersecurity in protecting national security and the democratic process.