Meta, formerly known as Facebook, has published its quarterly adversarial threat report, which warns of three separate cyber-espionage campaigns targeted at military personnel across South Asia.
One of these campaigns is attributed to state-linked hackers in Pakistan who are using fake apps and websites to compromise the personal devices of military personnel in both Pakistan and India.
This group has been operating since 2015 and has a history of using the GravityRAT spyware. Bahamut APT and Patchwork APT are two other groups identified in the report, both of which have an intelligence-gathering focus and a particular interest in military personnel, government employees, and activists.
All three of the groups identified in the report have relied heavily on social engineering, using elaborate fictitious personas and backstops across the internet to withstand scrutiny by their targets, platforms, and researchers.
The Pakistan-based group has used traditional lures to trick victims, such as posing as women seeking romantic connections, as well as pretending to be recruiters, journalists, or military personnel. The report highlights that the use of social engineering allows these hackers to avoid investing in developing sophisticated malware.
Cheaper, low-sophistication malware can be highly effective in targeting people when used together with social engineering.
The report notes that the Patchwork APT campaign resembles those of the other groups in that it targets military personnel, activists, and minority groups across several countries in the region. Patchwork is described as an Indian threat actor, although its activities have not been attributed to the Indian government.
Bahamut APT was identified targeting people in Pakistan and India, including the Kashmir region, with a particular interest in military personnel, government employees, and activists.
The report does not name the Pakistan-based group. Meta has taken action against a number of accounts linked to these groups on its platforms.