Pakistani military allegedly hacked phones belonging to US, UK, and Australian officials and diplomats
- Surveillanceware tools collected critical data from US, UK, and Australian officials and diplomats.
- The hack, which was allegedly coordinated by Pakistani military members, collected sensitive photos, audio recordings, and text messages, and could also disable a phone's reception.
- The victims unknowingly gave access to images of US military hardware, photos of passports, details of diplomatic visits, and letters from senior officials.
- In one instance a phishing message was sent via Facebook Messenger.
Researchers from US mobile-security company Lookout found Western officials were unintentionally caught up in a data-gathering operation which used surveillanceware tools dubbed Stealth Mango (for Android) and Tangelo (for iOS).
The Pakistani military allegedly coordinated a surveillance operation which collected data from US, UK, and Australian officials and diplomats.
"These tools have been part of a highly targeted intelligence gathering campaign we believe is operated by members of the Pakistani military," the report read. "Our investigation indicates this actor has used these surveillanceware tools to successfully compromise the mobile devices of government officials, members of the military, medical professionals, and civilians."
Once a surveillanceware app was downloaded it was able to access text messages, audio recordings, photos, calendars, contact lists for apps including Skype, and the phone's GPS location. It also had the ability to detect when a victim was driving and turn off SMS and internet reception during that time.
The individuals targeted in this campaign unknowingly gave hackers access to pictures of IDs and passports, the GPS locations of photos, legal and medical documents, internal government communications, and photos of military and government officials from closed-door meetings.
Officials and civilians from the US and Iran, as well as British and Australian diplomats, were not targeted in the operation but their data was compromised after interacting with Stealth Mango victims.
Some of the victims' compromised data included:
- A letter from the United States Central Command to the Afghanistan Assistant Minister of Defense for Intelligence
- A letter from the High Commission for Pakistan to the United States Director of the Foreign Security Office Ministry of Foreign Affairs
- Details of visits to Quetta, Balochistan, Pakistan by Australian Diplomats
- Details of visits to Quetta, Balochistan, Pakistan by German Diplomats
- Photos of Afghan and Pakistani military officials
Lookout believes the surveillanceware was created by freelance developers with physical presences in Pakistan, India, and the United States, but actively managed by actors in Pakistan who are most likely members of the military. The main developer is thought to be a full-time app creator. Lookout suspects he once worked for a company based in Sydney, Australia. On LinkedIn, most of the company's employees are based in Pakistan.
When contacted by Lookout, Google said the apps used in this operation were not available on the Google Play Store, but "Google Play Protect has been updated to protect user devices from these apps and is in the process of removing them from all affected devices."