Pakistani military allegedly hacked phones belonging to US, UK, and Australian officials and diplomats
- Surveillanceware tools collected critical data from US, UK, and Australian officials and diplomats.
- The hack, which was allegedly coordinated by Pakistani military members, collected sensitive photos, audio recordings, text messages, and could also disable a phone's reception.
- The victims unknowingly gave access to images of US military hardware, photos of passports, details of diplomatic visits, and letters from senior officials.
- In one instance a phishing message was sent via Facebook Messenger.
The Pakistani military allegedly coordinated a surveillance operation which collected data from US, UK, and Australian officials and diplomats.
Researchers from US mobile-security company Lookout found Western officials were unintentionally caught up in a data-gathering operation which used surveillanceware tools dubbed Stealth Mango (for Android) and Tangel (for iOS).
"These tools have been part of a highly targeted intelligence gathering campaign we believe is
operated by members of the Pakistani military," the report read. "Our investigation indicates this actor has used these surveillanceware tools to successfully compromise the mobile devices of government officials, members of the military, medical professionals, and civilians."
According to Lookout, which analyzed 15gb of compromised data, perpetrators largely targeted victims via phishing messages which linked to a third-party Android app store.
Once a surveillanceware app was downloaded it was able to access text messages, audio recordings, photos, calendars, contact lists for apps including Skype, and the phone's GPS location. It also had the ability to detect when a victim was driving and turn off SMS and internet reception during that time.
On at least one occasion the app store URL was sent via Facebook messenger which, according to Lookout, suggests "the attackers are using fake personas to connect with their targets and coerce them into installing the malware onto their devices."
The individuals targeted in this campaign unknowingly gave hackers access to pictures of IDs and passports, the GPS locations of photos, legal and medical documents, internal government communications, and photos of military and government officials from closed-door meetings.
Officials and civilians from the US and Iran, as well as British and Australian diplomats, were not targeted in the operation but their data was compromised after interacting with Stealth Mango victims.
Some of the victims' compromised data included:
- A letter from the United States Central Command to the Afghanistan Assistant Minister of Defense for Intelligence
- A letter from the High Commission for Pakistan to the United States Director of the Foreign Security Office Ministry of Foreign Affairs
- Details of visits to Quetta, Balochistan, Pakistan by Australian Diplomats
- Details of visits to Quetta, Balochistan, Pakistan by German Diplomats
- Photos of Afghan and Pakistani military officials
It's unknown when Stealth Mango was launched, but its latest release was made in April 2018.
Lookout believes it was created by freelance developers with physical presences in Pakistan, India, and the United States, but actively managed by actors in Pakistan who are most likely members of the military.
The main developer is thought to be a full-time app creator. Lookout suspects he once worked for a company based in Sydney, Australia. On LinkedIn, most of the company's employees are based in Pakistan.
When contacted by Lookout, Google said the apps used in this operation were not available on the Google Play Store, but "Google Play Protect has been updated to protect user devices from these apps and is in the process of removing them from all affected devices."
- 911 dispatchers say skiers are accidentally setting off Apple's new crash-detection technology without realizing, triggering emergency calls
- The rally in stocks will trick investors into thinking the bear market is over, but there's still a case for the S&P 500 to fall another 26% next year, Morgan Stanley's Mike Wilson says
- Adani may be the richest Indian but Ambani’s RIL retains the top spot on Hurun's list of most valuable companies
- Here are the best apps and games on Google Play in India 2022
- Top 10 companies with the highest net profit in India as per Hurun 2022 list
- Rupee gains 8 paise to close at 81.22 against US dollar
- BYJU’s, Zomato, Dream11 among India’s most valuable PE/VC-funded companies as per Hurun
- GST revenues rose by 11% to ₹1.46 lakh crore in November: Finance Ministry
- Dharmaj Crop IPO
- Reliance Jio
- Whatsapp tips
- Air India crew guidelines
- Mukesh Ambani
- tata Consumer
- Highest Revenue companies
- New Cars in December 2022
- Best Companies for Work
- India's Richest People
- VerSe Innovation Company
- Top Valuable unlisted Company
- Tata Tiago cng vs Alto k10 cng
- Top 10 Colleges in India
- Top 10 Airlines in World