Unveiling an Indian Cyberattack Infrastructure - a special report

On March 17, 2013 a Norwegian newspaper reported that the country’s telecommunications giant Telenor had filed a criminal police case for an unlawful computer intrusion. Spear phishing emails targeting upper management appeared to be the source of the infection.  Through extensive analysis, security analysts at Norman Shark, in conjunction with our partners, quickly uncovered a previously unknown and sophisticated infrastructure for targeted attacks.

Our report details a sophisticated cyberattack infrastructure that appears to originate from India, conducted by private threat actors with no evidence of state-sponsorship.  It has likely been in operation for over three years, primarily as a platform for surveillance against targets of national security interest that are mostly based in Pakistan and possibly in the United States. It is also used for industrial espionage against the Norwegian telecom corporation Telenor and other civilian corporations. Evidence points to professional project management and outsourcing of key tasks, including some by freelance programmers.

Download the report to learn more

Norman HangOver report (Executive Summary)
Unveiling an Indian Cyberattack Infrastructure
Unveiling an Indian Cyberattack Infrastructure (Appendixes)