Attackers Target Indian Military in Data-Theft Campaign

A group of attackers believed to be from Pakistan has been targeting Indian military personnel in a data theft campaign involving social engineering and unsophisticated malware.

The operation, dubbed “C-Major,” was uncovered by Trend Micro researchers while observing other targeted attacks. Experts discovered that the attackers managed to steal information from at least 160 military officers, attachés, consultants and resellers from India, including copies of passports and photo IDs, financial information, strategy and tactical documents, and personal photographs.

According to the security firm, the attacks started with a bogus email sent to the targeted individual. The emails purport to come from organizations such as India’s Ministry of Defense and they’re designed to trick recipients into opening an attached file that looks like a harmless document.

Once the document is opened, an Adobe Reader vulnerability is exploited and a Trojan is dropped onto the victim’s system. The malware allows attackers to log keystrokes, steal passwords, record audio, steal files and capture screenshots.

Researchers determined that the attackers are not very sophisticated because the malware is compiled into a Microsoft Intermediate Language (MSIL) binary using Visual Studio, which allows the Trojan to be easily decompiled.

The malware’s source code contained information on its command and control (C&C) servers, which, as Trend Micro discovered, had open directories where more than 16Gb of stolen information was stored.
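The two findings above (an MSIL build that decompiles readily, and C&C addresses hardcoded in the binary) are exactly what a defender checks first when triaging a suspicious attachment. The following is an added example, not code from the article or from Trend Micro's report: it detects whether a PE file carries a CLR runtime header (the mark of a .NET/MSIL assembly) and pulls URL and IPv4 literals from both ASCII and UTF-16LE strings, since .NET string literals are stored as UTF-16. The sample binary it builds is constructed here and the C&C values in it are placeholders.

```python
import re
import struct

# URL or dotted IPv4 literal; applied to decoded string runs below
NET_RE = re.compile(r"https?://[\w.\-/:%?=&]+|\b(?:\d{1,3}\.){3}\d{1,3}\b")

def build_sample_pe() -> bytes:
    # Constructed minimal PE32 image (not a real sample) with CLR directory set
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew -> PE at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                                     # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                    # magic: PE32
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 14 * 8, 0x2008, 72)    # CLR runtime header dir
    payload = (b"\x00" * 16 + b"http://c2.example.invalid/upload" + b"\x00" * 4
               + "203.0.113.7".encode("utf-16-le") + b"\x00" * 4)  # placeholder C&C
    return bytes(dos) + b"PE\x00\x00" + coff + bytes(opt) + payload

def is_dotnet_pe(data: bytes) -> bool:
    # CLR runtime header = data directory 14; only MSIL assemblies populate it
    try:
        if data[:2] != b"MZ":
            return False
        pe = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe:pe + 4] != b"PE\x00\x00":
            return False
        opt = pe + 24                                        # skip signature + COFF
        magic = struct.unpack_from("<H", data, opt)[0]
        dirs = opt + (96 if magic == 0x10B else 112)         # PE32 vs PE32+ layout
        if struct.unpack_from("<I", data, dirs - 4)[0] < 15:
            return False                                     # too few directories
        rva, size = struct.unpack_from("<II", data, dirs + 14 * 8)
        return rva != 0 and size != 0
    except struct.error:                                     # truncated header
        return False

def extract_network_strings(data: bytes) -> list:
    # Scan ASCII runs and UTF-16LE runs (.NET literals live as UTF-16 in the
    # #US heap), returning any URL/IPv4 candidates for blocking or hunting
    found = set()
    for m in re.finditer(rb"[\x20-\x7e]{4,}", data):
        found.update(NET_RE.findall(m.group().decode("ascii")))
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){4,}", data):
        found.update(NET_RE.findall(m.group().decode("utf-16-le")))
    return sorted(found)
```

Run `is_dotnet_pe` and `extract_network_strings` over the bytes of a quarantined attachment; a positive CLR check means a decompiler will give you readable source, and the extracted literals are candidates for egress blocking and proxy-log hunting.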

One of the C&C servers, whose address had been hardcoded in the malware, was located in Pakistan, and used for both Windows and mobile versions of the threat. The same server is believed to have been used in an espionage operation aimed at the Android devices of Indian military personnel.


The fact that the server is located in Pakistan has led researchers to believe that at least some members of the hacker group are from this country, but Trend Micro says it hasn’t found any evidence that the data-theft campaign is sponsored by a nation state.

Another piece of evidence that has led experts to believe that the attackers are based in Pakistan is that the malware samples used by the group have been uploaded to VirusTotal and scanned multiple times from a user ID tied to Pakistan.

This campaign shows that even less sophisticated attackers can carry out successful operations, experts said.

“For those in charge of defending a corporate or organization network, this attack reinforces the fact that any user, regardless of rank or position, is susceptible in becoming the organization’s weakest security link,” Trend Micro said in a report detailing Operation C-Major. “As such, while network defenders should be prepared to help prevent, or minimize the damage of attacks, people who use the said network should likewise be knowledgeable of threats that could possibly come. The need for proper user awareness training is clear.”

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
