
TechWalls


TidePool malware targets Indian personnel worldwide

Updated on May 23, 2016 by Guest Authors

If you work at an Indian embassy anywhere in the world, you should be cautious when surfing the Internet: security researchers at Palo Alto Networks have discovered a new family of malware called TidePool, which they believe is an evolution of the older Operation Ke3chang.

At the moment, it is hard to conclude definitively that TidePool is a direct descendant of Operation Ke3chang, but researchers have found key evidence in the malware’s behavior that links the two. One particular indication is the target: Ke3chang was previously used to launch a cyber attack against the Ministry of Affairs of India, following still-recent attacks against the nation’s government.


According to Palo Alto Networks, the attackers behind TidePool have been using spear phishing email campaigns to hit a number of Indian embassies across the globe. The emails purport to contain an annual report filed by the employees at more than 30 embassies of India from different countries.

The attackers are also using email addresses that appear to belong to legitimate people connected with the Indian embassies, so that the spear phishing emails look as though they were sent by legitimate sources. Once the Indian embassy recipients perceive an email to be legitimate, they are more likely to open the message than ignore it.

Palo Alto Networks’ researchers also reported that the attackers are taking advantage of a new hole to carry out their attacks with TidePool. The new vulnerability allows for a couple of changes in a computer’s registry and a surge in a network’s command and control traffic, which the researchers describe as an evolution of the Ke3chang codebase into TidePool.

The Ke3chang vulnerability came to light in September 2015 and also involved a malicious document. In contrast to Ke3chang, however, the TidePool exploit carrier document is sent as an MHTML document that comes in the form of a Microsoft Word file. The TidePool malware family is designed to let attackers through the firewall and view and change files and folders.
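A mail-gateway check for the delivery format described above, shown as an added example that is not from the article or from Palo Alto Networks: it classifies an attachment by its content and flags files named as Word documents whose bytes are really MHTML (a MIME multipart/related message). The function names, file names and sample bytes are hypothetical and constructed for illustration.

```python
import re

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy binary .doc container
ZIP_MAGIC = b"PK\x03\x04"                      # .docx / .docm container
WORD_EXTS = (".doc", ".docx", ".docm", ".dot")

# MHTML is a MIME multipart/related message written to disk as text.
MIME_VERSION = re.compile(rb"^MIME-Version:[ \t]*1\.0", re.I | re.M)
MULTIPART = re.compile(rb"^Content-Type:[ \t]*multipart/related", re.I | re.M)
PART_TYPE = re.compile(rb"^Content-Type:[ \t]*([\w.+-]+/[\w.+-]+)", re.I | re.M)


def sniff_format(data: bytes) -> str:
    """Classify by content, ignoring the file name."""
    if data.startswith(OLE_MAGIC):
        return "ole"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    head = data[:8192]
    if MIME_VERSION.search(head) and MULTIPART.search(head):
        return "mhtml"
    return "unknown"


def triage_attachment(filename: str, data: bytes) -> dict:
    """Flag Word-named attachments whose content is really MHTML."""
    fmt = sniff_format(data)
    named_as_word = filename.lower().endswith(WORD_EXTS)
    # Part types give the analyst a quick view of what the container embeds.
    parts = sorted({m.decode().lower() for m in PART_TYPE.findall(data)})
    return {
        "file": filename,
        "format": fmt,
        "suspicious": named_as_word and fmt == "mhtml",
        "part_types": parts if fmt == "mhtml" else [],
    }


# Constructed samples (not taken from any real campaign).
SAMPLE_MHTML = (
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/related; boundary="----=_NextPart_01"\r\n\r\n'
    b"------=_NextPart_01\r\nContent-Type: text/html\r\n\r\n<html></html>\r\n"
    b"------=_NextPart_01\r\nContent-Type: application/x-mso\r\n\r\nQUJD\r\n"
    b"------=_NextPart_01--\r\n"
)
SAMPLE_OLE = OLE_MAGIC + b"\x00" * 504

if __name__ == "__main__":
    for name, blob in [("annual_report.doc", SAMPLE_MHTML), ("minutes.doc", SAMPLE_OLE)]:
        print(triage_attachment(name, blob))
```

A hit means only that the extension and the content disagree; the attachment still needs sandboxing or manual review before any verdict.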

TidePool also proceeds to steal information pertaining to the computer and transmits the data to a remote Command and Control server through a connection that is closely tied to a malware family employed by the authors of the Ke3chang malware.

What’s most striking about this malware is that there seems to be little attention given to it by most security vendors, except Palo Alto Networks, of course. Now that it appears to be persistent in its attacks, it is high time that the IT departments raised their alarm.
