# Your data isn’t safe: New cyber espionage plot targets India’s top institutions

News Desk
Representational image | AI-generated image

New Delhi: A new cyber espionage campaign allegedly linked to a Pakistan-aligned hacker group is targeting Indian government portals and academic institutions, raising fresh concerns over digital security in an era of rapid technological advancement and artificial intelligence, a report said.

According to the report, Pakistan-linked hackers have launched a spying operation aimed at Indian government bodies and universities, including strategically important institutions, with the objective of stealing sensitive information using spyware and malware capable of disabling systems.

The campaign was identified by researchers at cybersecurity firm Cyfirma, which said it had uncovered the operational tactics used by the threat actors.

“The operation begins with spear-phishing emails carrying a ZIP archive containing a malicious file disguised as a PDF. Once opened, the file delivers two malware components, dubbed ReadOnly and WriteOnly,” The Record reported, citing details of the breach.

Once installed, the malware embeds itself in the victim’s system and modifies its behaviour based on the antivirus software present, the report said.

Cyfirma said the malware enables remote control of infected machines, allows access to sensitive and classified data, and supports long-term surveillance activities, including taking screenshots, monitoring clipboard activity and activating remote desktop access.

According to the report, the malware can also be used to steal overwritten clipboard data, a technique that may allow attackers to hijack cryptocurrency transactions.

The campaign has been attributed to APT36, also known as Transparent Tribe, a long-running threat actor accused of cyber-espionage against government agencies, military-linked organisations and universities.

While researchers have previously described Transparent Tribe as less technically sophisticated than some rival groups, they have also noted its persistence and ability to evolve tactics over time.

According to the report, APT36 has been active since 2013 and has been linked to cyber-espionage operations targeting government and military organisations in India and Afghanistan, as well as institutions across nearly 30 countries.

IANS