Norman Shark Uncovers Indian Cyber Espionage Campaign


Security company Norman Shark recently published a report [PDF file] examining what it describes as a "large and sophisticated cyber attack infrastructure" that appears to be based in India (h/t Help Net Security).

The attacks began three years ago, and while they don't show any clear evidence of state sponsorship, they're primarily aimed at intelligence gathering, with a focus on computers in Pakistan.

"The data we have appears to indicate that a group of attackers based in India may have employed multiple developers tasked with delivering specific malware," Norman Shark head of research Snorre Fagerland said in a statement. "The organization appears to have the resources and the relationships in India to make surveillance attacks possible anywhere in the world. What is surprising is the extreme diversity of the sectors targeted, including natural resources, telecommunications, law, food and restaurants, and manufacturing. It is highly unlikely that this organization of hackers would be conducting industrial espionage for just its own purposes -- which makes this of considerable concern."

Fagerland says the company's investigation uncovered professional project management practices, with malware developers assigned specific tasks and components outsourced to freelance programmers. "Something like this has never been documented before," he says.

The campaign was uncovered during an investigation into recent cyber attacks on Norwegian mobile operator Telenor. Norman Shark analysts apparently discovered a "surprisingly large" number of similar attacks targeting government, military and business organizations in more than a dozen countries worldwide.

"This type of activity has been associated primarily with China over the past several years but to our knowledge, this is the first time that evidence of cyber espionage has shown to be originating from India," Fagerland says.