Data ex-filtration: Indian group targeting Pakistani, Chinese state institutions
ISLAMABAD: The Cabinet Division has revealed that PatchWork — an Indian Advanced Persistent Threat (APT) group has actively targeted Chinese and Pakistan state institutions for data ex-filtration.
The Division has issued an advisory while saying that APT groups are anonymous threat actors attacking cyber/IT infrastructure of other states to gain unauthorised access/ingress while remaining undetected for an extended period of time.
Usually, these groups (Sidewinder, Bitter, Do Not etc) are Indian state sponsored that often target Pakistan’s Military and civil IT setups. Recently, PatchWork (an Indian APT group) has actively targeted Chinese and Pakistan State Institutions for data ex-filtration.
In this regard, profile, modus operandi, Indicators of Compromise (IoCs) and preventive measures are as under: PatchWork (also known as Mahabusa and White Elephant) is an Indian APT group present in cyberspace since 2015.
The APT group came into the limelight in 2017 when various cyber security researchers identified its modus operandi and nefarious operations.
PatchWork primarily targets Asian Region. It mainly uses spear phishing emails, whaling, social engineering and masquerading techniques (crafted malicious emails, fake rating websites appearing to be legitimate to gain users trust and SM links to download malicious mobile apps) to execute cyber-attacks on regional countries including Pakistan and China.
An APT group may frequently change its techniques, tactics and procedures. However, phishing email remains initial entry point for malicious activities.
In yet another advisory “Cyber Security Advisory – Prevention Against Financial Scam,” stated that a substantial rise in banking/financial scams has been observed using phishing, smishing and vishing techniques.
According to the advisory a copy of which is available with Business Recorder, the scammers introduce themselves as government officials (the FIA, the SBP and Defence Force using fake official landline numbers and logos on WhatsApp DP) through call-cloning services.
Resultantly, online-banking users continuously fall prey primarily due to a lack of cyber security awareness, as well as advanced social engineering tactics used by scammers (call cloning, malicious apps and fake websites). As a result, malicious actors deceitfully withdraw money from user’s accounts.
Financial scammers make use of the following attack vectors to exploit victim’s bank account:
a. Fake Websites – Reference of Army Poverty Alleviation Campaign. Scammers are using spoofed websites appearing to be State Bank of Pakistan legitimate verification website and asking victims to upload personal financial details on website in reference to Pakistan Army Poverty alleviation and Revival of Economy Campaign. Fake website of State Bank of Pakistan for verification being referred is (www.statebankverificaiton.wixsite.com)
b. Social Engineering. Malicious actors masquerade phone numbers or call from unknown mobile phone/compromised WhatsApp number, masked banking official number to the victim acting as a bank employee/manager and ask for Personally Identifiable Information (PII) like internet banking username, CNIC number, debit card number and debit card pin.
After that the malicious actor tactfully enquires the victim whether he/she has received One Time Password (OTP) from bank and asks the user to forward it to the caller directly or by clicking on a WhatsApp link. Armed with this information, malicious actor can easily compromise any bank account and transfer money to potential account or perform online shopping.
c. Anonymity. The attackers use secure and anonymous cyber means to conduct the operation. Due to which, backtracking is a difficult task.
There is no technical solution that can eradicate and detect social engineering completely; however, safe usage of mobile/computer and compliance with security guidelines is the only way forward.
Above in view, cyber awareness campaigns regarding financial scams be arranged at different forums. In addition to it, following protective measures are recommended:
a. Blocking of fake website appearing to be state bank verification website (www.statebankverificaiton.wixsite.com)
b. Scammers are equipped with latest technology for masking official numbers of banks. Users are advised to remain vigilant and call banking helpline themselves, immediately to verify any suspicious call.
c. Never provide sensitive information over phone to anyone, especially passwords. CNIC number and Debit/Credit Card PIN as banks do not ask for such information over phone except when user calls them for activation of debit card or internet banking account.
d. Always pay attention to suspicious numbers that do not look like real mobile phone numbers. Scammers often mask their identity by using email-to-text services to avoid revealing their actual phone number.
e. Be aware of false SMS regarding lottery schemes/Benazir Income Support Programme prize offers; they are all bogus.
f. Genuine SMS messages received from banks usually contain sender ID (consisting of bank’s short name) instead of a phone number in sender information field.
g. All clickable links/SMS to earn money offers are counterfeit; do not fall prey to them.
h. Never trust and reply anonymous emotional SMS as these are all traps.
i. Always use Multi-Factor Authentication (MFA) on Internet Banking Apps, WhatsApp, Social Media and Gmail accounts.
j. Always keep a strong password for email or online account and regularly change passwords to prevent hacking.
k. Always check application permissions before installation of application and install applications from Google/iPhone Play Store only.
l. Before downloading/installing apps on Android devices, review app details, number of downloads, user reviews comments and “additional information” section.
Copyright Business Recorder, 2023
Comments
Comments are closed.