New Pakistan-based Cyber Espionage Group’s Year-Long Campaign Targeting Indian Defense Forces with Android Malware

Published 06/05/2024 08:47 · Modified 06/05/2024 09:29

Essential information

Tags
2024-05-03 2024-05-04 2024-05-05 2024-05-06 android craxs rat defense espionage india malware pakistan spynote
Related entities
3 observables, 1 intrusion sets (apt), 2 malware, 4 others

Description

CYFIRMA researchers identified an Android malware campaign, active for over a year, targeting Indian defense personnel by an unidentified Pakistan-based cyber group. The threat actor utilized Spynote or a modified version called Craxs Rat, obfuscating the app with high complexity. Through social engineering tactics like impersonating senior officers and distributing the malware via WhatsApp, the group aimed to gain access to victims' contacts, call logs, SMS, and potentially screen monitoring capabilities.

External references