Pakistani military allegedly hacked phones belonging to US, UK, and Australian officials and diplomats
- Surveillanceware tools collected critical data from US, UK, and Australian officials and diplomats.
- The hack, which was allegedly coordinated by Pakistani military members, collected sensitive photos, audio recordings, and text messages, and could also disable a phone's reception.
- The victims unknowingly gave access to images of US military hardware, photos of passports, details of diplomatic visits, and letters from senior officials.
- In one instance a phishing message was sent via Facebook Messenger.
Researchers from US mobile-security company Lookout found Western officials were unintentionally caught up in a data-gathering operation which used surveillanceware tools dubbed Stealth Mango (for Android) and Tangel (for iOS).
The Pakistani military allegedly coordinated a surveillance operation which collected data from US, UK, and Australian officials and diplomats.
"These tools have been part of a highly targeted intelligence gathering campaign we believe is operated by members of the Pakistani military," the report read. "Our investigation indicates this actor has used these surveillanceware tools to successfully compromise the mobile devices of government officials, members of the military, medical professionals, and civilians."
Once a surveillanceware app was downloaded, it was able to access text messages, audio recordings, photos, calendars, contact lists for apps including Skype, and the phone's GPS location. It also had the ability to detect when a victim was driving and turn off SMS and internet reception during that time.
The individuals targeted in this campaign unknowingly gave hackers access to pictures of IDs and passports, the GPS locations of photos, legal and medical documents, internal government communications, and photos of military and government officials from closed-door meetings.
Officials and civilians from the US and Iran, as well as British and Australian diplomats, were not targeted in the operation but their data was compromised after interacting with Stealth Mango victims.
Some of the victims' compromised data included:
- A letter from the United States Central Command to the Afghanistan Assistant Minister of Defense for Intelligence
- A letter from the High Commission for Pakistan to the United States Director of the Foreign Security Office Ministry of Foreign Affairs
- Details of visits to Quetta, Balochistan, Pakistan by Australian Diplomats
- Details of visits to Quetta, Balochistan, Pakistan by German Diplomats
- Photos of Afghan and Pakistani military officials
Lookout believes the surveillanceware was created by freelance developers with physical presences in Pakistan, India, and the United States, but actively managed by actors in Pakistan who are most likely members of the military. The main developer is thought to be a full-time app creator. Lookout suspects he once worked for a company based in Sydney, Australia. On LinkedIn, most of the company's employees are based in Pakistan.