The international phishing expedition looking to hook India’s big fish


An email is received by many serving and retired officers from the official email address of a senior serving officer, inviting all for a lunch…

Indian Army soldiers were targeted through a phishing attack. When the officers clicked on the link in their mail, it downloaded an app containing an assortment of circulars and news related to the Indian Army. That, however, was just an eyewash. Its true purpose was to unleash malware, which would course through the victim’s computer or phone, stealing everything from WhatsApp chats to SMSes and media files. This malware, if left unchecked, could stay on a target’s system indefinitely, constantly pilfering sensitive data. The data was being transmitted to a command-and-control centre in the Netherlands, the source of the phishing attack. The hackers made use of the country’s many ‘bulletproof hosting’ services, which essentially allow hackers to securely host malicious content that can be used to carry out cyber-attacks. These servers, which were paid for in Bitcoin, were accessed from Karachi, Pakistan.



What Happened:

  • Hackers first compromised the email credentials of a serving officer.
  • They then used the account to send malware-laden emails to other officers.
  • Because the mail came from a high-ranking official and from an official ID, few suspected anything was amiss.
  • The recipients opened the mail and downloaded the attachment.

Vulnerability that needs to be plugged (WeSeSo’s Opinion):

  • On an individual basis: use strong passwords for all accounts, change passwords regularly, and enable 2-factor authentication.

  • At the NIC level: since NIC manages the Govt mail servers, it needs more technical controls to detect and prevent spoofing of mails, and to detect and flag suspicious sender geography.

 By - Cdr KK Chaudhary (Retd)
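
One way to implement the sender-geography check suggested above, as an added example (not from the original post or from NIC). It assumes a hypothetical log line of `timestamp account country recipient-count` per authenticated mail submission, with the country already resolved from the client IP; the thresholds, addresses and sample records are constructed. A check of this kind matters here because the mail was sent from a genuinely compromised account.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs). "XX" is a placeholder for a
# country the account has never sent mail from.
SAMPLE_LOG = """\
2024-03-01T09:10:00 officer.a@example.gov.in IN 2
2024-03-02T10:05:00 officer.a@example.gov.in IN 1
2024-03-03T08:45:00 officer.b@example.gov.in IN 3
2024-03-04T09:00:00 officer.a@example.gov.in IN 1
2024-03-04T09:40:00 officer.a@example.gov.in XX 180
2024-03-05T11:00:00 officer.b@example.gov.in IN 2
"""

TRAVEL_WINDOW = timedelta(hours=2)  # assumed: country change faster than this is implausible
BULK_RECIPIENTS = 50                # assumed: recipient count that counts as a mass mailing

def parse(log_text):
    """Yield (timestamp, account, country, recipient_count) per non-empty line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, account, country, rcpts = line.split()
        yield datetime.fromisoformat(ts), account, country, int(rcpts)

def find_suspicious(log_text):
    """Return (timestamp, account, country, reasons) for submissions to hold for review."""
    seen = defaultdict(set)  # account -> countries accepted as that account's baseline
    last = {}                # account -> (timestamp, country) of its previous submission
    alerts = []
    for ts, account, country, rcpts in sorted(parse(log_text)):
        reasons = []
        if seen[account] and country not in seen[account]:
            reasons.append("new-country")
            prev_ts, prev_country = last[account]
            if prev_country != country and ts - prev_ts <= TRAVEL_WINDOW:
                reasons.append("impossible-travel")
            if rcpts >= BULK_RECIPIENTS:
                reasons.append("bulk-mail")
        if reasons:
            alerts.append((ts.isoformat(), account, country, reasons))
        else:
            seen[account].add(country)  # only unflagged traffic extends the baseline
        last[account] = (ts, country)
    return alerts
```

Flagged submissions are never added to the baseline, so repeated sending from the new location keeps alerting until an administrator clears it.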
