
Here's a Quick Look at How Pakistani Counterfeiters Helped Russian Operatives

 

One company stood out in the cascade of U.S. sanctions imposed on Thursday on Russian cybersecurity companies and officials allegedly acting on behalf of Kremlin intelligence: the 'Fresh Air Farm House' in Karachi, Pakistan.

The Farm House, whose Facebook page shows a vacation rental equipped with a water park, is run by 34-year-old Mohsin Raza, considered one of two founders of an online fake ID business that prosecutors say helped Russian operatives get a toehold in the United States.

According to a U.S. Treasury statement and an indictment issued this week by federal prosecutors in New Jersey, Raza operated a digital fake ID mill, churning out images of doctored driver's licenses, bogus passports, and forged utility bills to help rogue customers pass verification checks at U.S. payment companies and tech firms.

Reuters reached Raza in Pakistan at a telephone number provided in the U.S. Treasury's sanctions listing. He confirmed his identity and acknowledged being a digital counterfeiter, saying he used "simple Photoshop" to change ID cards, bills, and other documents to order. Raza, who said he has also dabbled in graphic design, e-commerce and cryptocurrency, denied any wrongdoing, saying he was merely helping people access accounts that they'd been frozen out of.

Among his clients, the New Jersey indictment alleges, was an employee of the Internet Research Agency, a notorious Russian troll farm implicated by U.S. investigators, media reports, leaked documents, and former insiders in efforts to interfere in U.S. elections. The IRA employee used Raza's services in 2017 to obtain forged driver's licenses to support the identities of fake accounts on Facebook, according to the indictment.

Facebook did not immediately offer any comment. Raza said he did not track who used his service. He said the inspiration for his business came several years ago, when a PayPal account he had opened under an alias was locked, trapping a whole lot of dollars he'd received for optimizing online search results.

Money earned from the fake ID business was poured into the construction of the Fresh Air Farm House, Raza said. The facility, which features three bedrooms, a playing field, a water slide, and a BBQ area, is now on a US list of sanctioned entities alongside Russian oligarchs and defense contractors. Raza's business is an example of how transnational cybercrime can serve as a springboard for state-sponsored disinformation, said Tom Holt, who directs the School of Criminal Justice at Michigan State University. 

The alleged use by Russian operatives of a Pakistani fake ID merchant to circumvent American social media controls "highlights why this globalized cybercrime economy that touches so many areas can be a perfect place to hide - even for nation-states," he said.

APT36: A Pakistani Hacking Group, Strengthens Its Operations and Finds New Targets


Also known as APT36, Transparent Tribe is a hacking group that operates from Pakistan. APT36 is known for monitoring and spying on government activities and military operations in Afghanistan and India. According to the latest reports, APT36 has now strengthened its workforce with better tools and strategies.

About the incident 

APT36 usually relies on the same TTPs (tactics, techniques, and procedures), except in a few cases where it uses different strategies for unique programs.


Some key highlights:

  • According to the reports, APT36 has sharpened its tools and activities. This involves attack campaigns on a much larger scale, specifically targeting Afghanistan.
  • Usually, APT36 uses custom .NET malware, commonly known as Crimson RAT. Recently, APT36 has also been using other malware, including the Python-based Peppy RAT.
  • Between June 2019 and June 2020, 200 samples were collected, which showed the Transparent Tribe Commission's components.

Mode of operation 

  • APT36 uses spear-phishing emails containing MS Office files that carry the malware. After successful execution, the malware can steal sensitive information and private credentials, capture screenshots, steal logs and keys, and control the microphone and webcam.
  • Besides this, APT36 also uses USBWorm, a multipurpose malware that can steal information and function as a worm to attack any network and exploit vulnerabilities.


APT36 attacks


  • APT36 attacked Indian railways in June and stole important information.
  • Earlier this year, APT36 deployed spear-phishing emails posing as authentic communication from the government of India.
  • Cybersecurity experts have observed that APT36's primary targets over the past year have included military and diplomatic entities. According to them, the attacks will not decrease in the foreseeable future; rather, they expect them to rise.

According to Kaspersky's report, "we found two different server versions, the one being a version that we named 'A,' compiled in 2017, 2018, and 2019, and including a feature for installing the USBWorm component and executing commands on remote machines. The version that we named 'B' was compiled in 2018 and again at the end of 2019. The existence of two versions confirms that this software is still under development, and the APT group is working to enhance it."

Radio Pakistan Website hacked


The website of state broadcaster Radio Pakistan was hacked for a brief period on Sunday and was then successfully restored. The hackers displayed the following message on the website:

“Hello Admin, you are very secured. Appreciated your security. We got an eye on you. Expect us. Pakistan zindabad.”

According to the reports, a group of hackers calling itself 'Crash Rulers' has claimed responsibility for the attack. News of the hack was released on Twitter through the handle @TheCrashRulers.

The user behind the Twitter handle linked to the attack has not yet been identified. According to tweets from the same handle over the last three months, it claims to have attacked various government agency and business websites, including those of the Public Procurement Regulatory Authority Pakistan, Pakistan Cricket Board, Bahauddin Zakariya University and Zoom Petroleum Pakistan, among others.

However, the claims have not yet been authenticated.