According to San Francisco-based cybersecurity firm Lookout, a team of hackers linked to the Indian military used mobile surveillance devices to spy on sensitive targets in Pakistan and Kashmir.
The hacking group is called Confucius and is known to run legitimate web applications and services in South Asia, and to embed surveillance and malware tools into spyware applications and services.
According to the Lookout report, Confucius repeatedly targeted officials from the Pakistan Armed Forces, Pakistan Nuclear Regulatory Agency and Pakistan Atomic Energy Commission between 2017 and 2020.
The hacker group tricked victims into installing the first web application masquerading as security tools and applications. They then hacked into the victim’s device and retrieved data, including recorded phone calls, call logs, contacts, geolocation, pictures and voice memos.
The mobile devices of 156 top Pakistani officials were targeted and their data stored on unsecured servers. Lookout researchers recently discovered the server and found that most of the users with access to that data are based in northern India.
Reconnaissance intelligence engineer Apurwa Kumar said Confucius’s technical tools and malware lacked sophistication, but that the threat actors invested human time in gaining the trust of their targets. And in some sensitive areas where people are more careful, it makes all the difference.