It seems the Pakistan Armed Forces, the most powerful Muslim fighting force in the world, are a mere minnow when it comes to cybersecurity.

In an embarrassing episode, state-sponsored hackers broke into the supposedly secure networks of the Pakistan Air Force (PAF), other military units and parts of the Pakistani government in 2017, and the intrusion was only recently disclosed.

Cylance, Inc., an American cybersecurity firm based in California, reported that a nation-state Advanced Persistent Threat (APT) group it christened the "White Company" hacked into various parts of Pakistan's military and intelligence networks.

This group, which Cylance and other cybersecurity firms say bears the hallmarks of operators trained in U.S. tradecraft, broke into secure Pakistani servers to steal data and to openly harass the Pakistani government. Cylance first identified the campaign in 2017 and says it may still present a threat to the Pakistani government, as well as to other entities on the Asian subcontinent.

What makes this sophisticated attack worrisome is the fact that Pakistan is a nuclear-armed state. Cylance said that in its judgment, "targeting the (Pakistani) military is also particularly concerning."

Cylance described Pakistan as a pivotal country not just in South Asia but in global affairs. Pakistan is also a linchpin in U.S.-led efforts to fight terrorist groups like the Taliban, al-Qaida and the Haqqani network.

White Company used a compromised computer belonging to an unwitting Belgian locksmith as a command-and-control server and, for more than six months last year, spear-phished Pakistani Air Force officers with Microsoft Word documents carrying exploits.

Western cybersecurity experts described White Company's malware as using elaborate layers of misdirection to mislead analysts and delay forensic investigation. That sophistication worries security researchers, who note that the same tooling could be turned on any other target in the world at any time.

Based on forensic fingerprints, the new APT is likely Middle Eastern. The tactics, techniques and procedures (TTPs) it used, however, point to U.S.-trained intelligence operators. This raises the possibility that former U.S. intelligence operatives have gone rogue and are building a new APT group for a Middle Eastern state.

Experts said the new APT's malware goes to extreme lengths to evade detection. It can identify, and hide from, eight different antivirus products, including Sophos, Kaspersky, AVG and BitDefender (none of which, incidentally, is American-made).

The malware evaded antivirus detection, but then allowed itself to be caught by different antivirus products on pre-programmed dates as part of a distraction tactic. The threat actor determines which antivirus product is running on a system and deliberately triggers it in an attempt to distract the system's users.
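The mechanism described above, date-gated behaviour keyed on which antivirus product is present, has a practical consequence for analysts: a sample detonated once, on the day of analysis, shows only one of its modes. The following is an added example, not code from Cylance's report or from the White Company malware, that models the two branches (stay hidden vs. let the product fire) and then shows the analyst-side counter, replaying the same decision under several spoofed clock values. The process names, vendor table and surrender dates are constructed assumptions for illustration only.

```python
"""Constructed model of date-gated antivirus evasion, plus an analyst harness
that exposes the time dependence by replaying the branch under spoofed dates.
Everything here is an illustration, not Cylance's or the attacker's code."""
from datetime import date, timedelta

# Assumed mapping of AV service process names to vendor. A real sample would
# carry its own table; these names are constructed for the example.
AV_PROCESSES = {
    "savservice.exe": "Sophos",
    "avp.exe": "Kaspersky",
    "avgsvc.exe": "AVG",
    "vsserv.exe": "BitDefender",
}

# Assumed per-vendor "surrender" dates: before the date the payload hides from
# that product; on or after it, the payload stops evading and lets it fire.
SURRENDER_DATES = {
    "Sophos": date(2018, 1, 15),
    "Kaspersky": date(2018, 2, 1),
    "AVG": date(2018, 2, 15),
    "BitDefender": date(2018, 3, 1),
}


def _as_date(value):
    """Accept a datetime.date or an ISO-8601 string such as '2018-02-01'."""
    return value if isinstance(value, date) else date.fromisoformat(value)


def detect_av(running_processes):
    """Return the sorted list of AV vendors whose service process is running."""
    seen = {AV_PROCESSES[p.lower()] for p in running_processes
            if p.lower() in AV_PROCESSES}
    return sorted(seen)


def decide(running_processes, today):
    """Model the sample's branch on one day:
    ('run', [])             no AV present, execute normally
    ('evade', vendors)      AV present and every surrender date still ahead
    ('surrender', expired)  AV present and at least one surrender date reached"""
    today = _as_date(today)
    vendors = detect_av(running_processes)
    if not vendors:
        return "run", []
    expired = [v for v in vendors if today >= SURRENDER_DATES[v]]
    if expired:
        return "surrender", expired
    return "evade", vendors


def replay_under_clocks(running_processes, clocks):
    """Analyst side: evaluate the same branch under several spoofed dates and
    return {iso_date: mode}. One detonation on one day sees only one mode."""
    return {_as_date(d).isoformat(): decide(running_processes, d)[0]
            for d in clocks}


def is_time_gated(running_processes, start, days, step=7):
    """True when the observed mode changes anywhere in [start, start + days],
    sampled every `step` days. A sandbox that only runs 'today' returns False
    for any such sample, which is exactly the blind spot the gate exploits."""
    start = _as_date(start)
    clocks = [start + timedelta(days=i) for i in range(0, days + 1, step)]
    return len(set(replay_under_clocks(running_processes, clocks).values())) > 1


if __name__ == "__main__":
    # Constructed process snapshot from a host running Kaspersky.
    procs = ["explorer.exe", "avp.exe", "winword.exe"]
    print(decide(procs, "2017-10-01"))               # ('evade', ['Kaspersky'])
    print(decide(procs, "2018-02-01"))               # ('surrender', ['Kaspersky'])
    print(is_time_gated(procs, "2017-10-01", 30))    # False: window too short
    print(is_time_gated(procs, "2017-10-01", 180))   # True: crosses 2018-02-01
```

The last two calls are the point for a defender: a 30-day replay window misses the switch entirely, while a six-month window catches it. When a sample checks the system clock, detonating it under a range of dates (or patching the clock reads) is what turns "it did nothing in the sandbox" into an observation of the dormant branch.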

Experts said this level of sophistication should concern organizations outside Pakistan as well.