Tag Archives: Cyber Security

New York governor wants credit-reporting firms to follow cyber rules

Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia, U.S., September 8, 2017. REUTERS/Tami Chappell

By Diane Bartz and Suzanne Barlyn

WASHINGTON/NEW YORK (Reuters) – New York Governor Andrew Cuomo said on Monday that he wants credit-reporting firms to comply with the state’s cyber-security regulations, the latest government official to crack down on the industry in the wake of the massive Equifax hack.

Also on Monday, Bloomberg News reported that federal authorities have opened a criminal probe into stock sales by three Equifax Inc <EFX.N> executives before the company disclosed the massive data breach, news that has weighed heavily on the stock price.

The company has said the executives were unaware of the hack when they sold the stock for $1.8 million.

Equifax’s legal woes worsened as the U.S Attorney’s office in Atlanta issued a statement saying it was working with the FBI on a criminal investigation into the breach and theft of personal information.

Equifax shares rose 1.5 percent on Monday after losing about a third of their value since the hack was announced. The Equifax breach discovered on July 29 exposed sensitive data like Social Security numbers of up to 143 million people.

Cuomo said he planned to require all credit-reporting agencies to register with the state and comply with its cyber-security rules.

The proposed regulation would take effect in February, Cuomo said in a statement. If the companies do not register, they risk being barred from doing business with financial companies regulated by New York state.

The state would be able to bar credit-reporting agencies, including TransUnion <TRU.N> and Experian Plc <EXPN.L>, as well as Equifax, from doing business in New York if the state found they engaged in “unfair, deceptive or predatory practices,” Cuomo said.

“The Equifax breach was a wake-up call,” Cuomo said. “And with this action, New York is raising the bar for consumer protections that we hope will be replicated across the nation.”

Proposed regulations are typically subject to a period for public comment before they become final.

A New York state cyber-security regulation, the first of its kind in the United States, took effect on March 1. It requires financial firms to take measures to protect networks and customer data from hackers and disclose cyber events to regulators.

Maine is the only U.S. state that requires credit agencies to register, said William Lund, superintendent of the Maine Bureau of Consumer Credit Protection. But its law does not cover cyber security, an issue the bureau will have to consider, Lund said.

Maine, which has been registering credit-reporting agencies since the 1990s, has 30 such agencies on its roster, ranging from the largest to those dealing with everything from check approval to tenants’ rental histories, he added.

The three credit-reporting agencies did not respond to requests for comment on Cuomo’s plan.

Bloomberg reported on Monday that the U.S. Justice Department is investigating whether Equifax’s chief financial officer, John Gamble, and two other executives broke insider-trading rules by selling stock after the breach was discovered in July and weeks before it was disclosed this month.

Reuters was not able to confirm the Bloomberg report.

Separately, the company issued a statement saying a second Bloomberg report late on Monday about a second cyber attack in March referred to a breach at Equifax payroll unit that was previously reported to regulators, customers and consumers and also been covered by the press.

“Equifax complied fully with all consumer notification requirements related to the March incident. The two events are not related,” the statement said.

(Reporting by Diane Bartz and Suzanne Barlyn; Additional reporting by Sarah N. Lynch, David Shepardson and Dustin Volz; Editing by Jim Finkle, Leslie Adler and Michael Perry)

Equifax two top technology executives leave company ‘effective immediately’

FILE PHOTO: Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia, U.S., September 8, 2017. REUTERS/Tami Chappell

By Dustin Volz and Diane Bartz

WASHINGTON (Reuters) – Equifax said on Friday that it made changes in its top management as part of its review of a massive data breach, with two technology and security executives leaving the company “effective immediately.”

The credit-monitoring company announced the changes in a press release that gave its most detailed public response to date of the discovery of the data breach on July 29 and the actions it has since taken.

The statement came on a day when Equifax’s share price continued to slide following a week of relentless criticism over its response to the data breach,

Lawmakers, regulators and consumers have complained that Equifax’s response to the breach, which exposed sensitive data like Social Security numbers of up to 143 million people, had been slow, inadequate and confusing.

Equifax on Friday said that Susan Mauldin, chief security officer, and David Webb, chief information officer, were retiring.

The company named Mark Rohrwasser as interim chief information office and Russ Ayres as interim chief security officer, saying in its statement, “The personnel changes are effective immediately.”

Rohrwasser has led the company’s international IT operations, and Ayres was a vice president in the IT organization.

The company also confirmed that Mandiant, the threat intelligence arm of the cyber firm FireEye, has been brought on to help investigate the breach. It said Mandiant was brought in on Aug. 2 after Equifax’s security team initially observed “suspicious network traffic” on July 29.

The company has hired public relations companies DJE Holdings and McGinn and Company to manage its response to the hack, PR Week reported. Equifax and the two PR firms declined to comment on the report.

Equifax’s share prices has fallen by more than a third since the company disclosed the hack on Sept. 7. Shares shed 3.8 percent on Friday to close at $92.98.

U.S. Senator Elizabeth Warren, who has built a reputation as a fierce consumer champion, kicked off a new round of attacks on Equifax on Friday by introducing a bill along with 11 other senators to allow consumers to freeze their credit for free. A credit freeze prevents thieves from applying for a loan using another person’s information.

Warren also signaled in a letter to the Consumer Financial Protection Bureau, the agency she helped create in the wake of the 2007-2009 financial crisis, that it may require extra powers to ensure closer federal oversight of credit reporting agencies.

Warren also wrote letters to Equifax and rival credit monitoring agencies TransUnion and Experian, federal regulators and the Government Accountability Office to see if new federal legislation was needed to protect consumers.

Connecticut Attorney General George Jepsen and more than 30 others in a state group investigating the breach acknowledged that Equifax has agreed to give free credit monitoring to hack victims but pressed the company to stop collecting any money to monitor or freeze credit.

“Selling a fee-based product that competes with Equifax’s own free offer of credit monitoring services to victims of Equifax’s own data breach is unfair,” Jepsen said.

Also on Friday, the chairman and ranking member of the Senate subcommittee on Social Security urged Social Security Administration to consider nullifying its contract with Equifax and consider making the company ineligible for future government contracts.

The two senators, Republican Bill Cassidy and Democrat Sherrod Brown, said they were concerned that personal information maintained by the Social Security Administration may also be at risk because the agency worked with Equifax to build its E-Authentication security platform.

Equifax has reported that for 2016, state and federal governments accounted for 5 percent of its total revenue of $3.1 billion.

400,000 BRITONS AFFECTED

Equifax, which disclosed the breach more than a month after it learned of it on July 29, said at the time that thieves may have stolen the personal information of 143 million Americans in one of the largest hacks ever.

The problem is not restricted to the United States.

Equifax said on Friday that data on up to 400,000 Britons was stolen in the hack because it was stored in the United States. The data included names, email addresses and telephone numbers but not street addresses or financial data, Equifax said.

Canada’s privacy commissioner said on Friday that it has launched an investigation into the data breach. Equifax is still working to determine the number of Canadians affected, the Office of the Privacy Commissioner of Canada said in a statement.

(Reporting by Dustin Volz and Diane Bartz; Additional reporting by Chris Sanders, Michelle Price and Jim Finkle; Editing by Chris Reese and Leslie Adler)

China beefs up cyber defenses with centralized threat database

A map of China is seen through a magnifying glass on a computer screen showing binary digits in Singapore in this January 2, 2014 photo illustration. REUTERS/Edgar Su

BEIJING (Reuters) – China said on Wednesday it will create a national data repository for information on cyber attacks and require telecom firms, internet companies and domain name providers to report threats to it.

The Ministry of Industry and Information Technology (MIIT) said companies and telcos as well as government bodies must share information on incidents including Trojan malware, hardware vulnerabilities, and content linked to “malicious” IP addresses to the new platform.

An MIIT policy note also said that the ministry, which is creating the platform, will be liable for disposing of threats under the new rules, which will take effect on Jan. 1.

Companies and network providers that fail to follow the rules will be subject to “warnings, fines and other administrative penalties”, it said, without giving any details.

The law is the latest in a series of moves by Chinese authorities designed to guard core infrastructure and private enterprises against large-scale cyber attacks.

In June, China’s cyber watchdog formalized a nationwide cyber emergency response plan, which included the construction of a central response system and mandated punitive measures for government units that failed to safeguard the system.

Earlier this year, the same ministry introduced rules requiring state telecommunications firms to take a more active role in removing VPNs and other tools used to subvert China’s so-called Great Firewall.

(Reporting by Cate Cadell; Editing by Richard Borsuk)

Key U.S. senators demand answers on Equifax hacking

Credit reporting company Equifax Inc. corporate offices are pictured in Atlanta, Georgia, U.S., September 8, 2017. REUTERS/Tami Chappell

By David Shepardson and Dustin Volz

WASHINGTON (Reuters) – Two key U.S. senators on Monday asked Equifax Inc <EFX.N> to answer detailed questions about a breach of information affecting up to 143 million Americans, including whether U.S. government agency records were compromised in the hack.

Senator Orrin Hatch, who chairs the Finance Committee, and ranking Democrat Ron Wyden, also demanded that Equifax Chief Executive Rick Smith provide a timeline of the breach and its discovery. They asked for information on when authorities and the company’s board were notified and when three executives who sold stock in the company in August were first told of the data breach.

Equifax did not immediately respond to a request for comment on the letter. It came amid mounting scrutiny of the company’s response to the breach from lawmakers, regulators and security experts, prompting the credit-monitoring services to issue an apology on Friday and pledge to dedicate more resources to helping affected consumers.

“The scope and scale of this breach appears to make it one of the largest on record, and the sensitivity of the information compromised may make it the most costly to taxpayers and consumers,” the letter said.

Equifax announced last week that it learned on July 29 that hackers had infiltrated its systems in mid-May, pilfering names, birthdays, addresses and Social Security and driver’s license numbers. Cyber security experts said it was among the largest data hacks ever recorded and was particularly troubling due to the richness of the information exposed.

Three days after Equifax discovered the breach, three top Equifax executives, including Chief Financial Officer John Gamble and a president of a unit, sold Equifax shares or exercised options to dispose of stock worth about $1.8 million, regulatory filings show.

Equifax said in a statement last week that the executives were not aware that an intrusion had occurred when they sold their shares.

Hatch and Wyden asked Smith to respond by Sept. 28. Other congressional committees have announced plans to hold hearings investigating the Equifax breach and want answers.

The senators want to know if Equifax has a chief information security officer and over the past two years “how many times has Equifax employed third-party cyber security experts to conduct penetration tests of its internal and external systems?” The senators want copies of all Equifax penetration test and audit reports by outside cyber security firms.

Separately, a group of 20 Democratic senators asked Equifax to end its use of forced arbitration agreements, which limit the ability of consumers to pursue claims, and not to lobby to reverse a new rule from the Consumer Financial Protection Bureau to limit the use of forced arbitration in the financial services sector.

(Reporting by Dustin Volz and David Shepardson; Editing by Andrew Hay and Jonathan Oatis)

Equifax reveals hack that likely exposed data of 143 million customers

A magnifying glass is held in front of a computer screen in this picture illustration taken in Berlin May 21, 2013. REUTERS/Pawel Kopczynski/File Photo

By Yashaswini Swamynathan

(Reuters) – Equifax Inc, a provider of consumer credit scores, said on Thursday that personal details of as many as 143 million U.S. consumers were accessed by hackers between mid-May and July, in what could be one of the largest data breaches in the United States.

The company’s shares fell nearly 19 percent in after-market trading as investors reacted to possible consequences of the exposure of sensitive data of nearly half of the U.S. population.

Atlanta-based Equifax said in a statement that it discovered the breach on July 29. It said criminals exploited a U.S. website application vulnerability to gain access to certain files that included names, Social Security numbers and driver’s license numbers.

In addition, credit card numbers of around 209,000 U.S. consumers and certain dispute documents with personal identifying information of around 182,000 U.S. consumers were accessed. Information of some UK and Canadian residents was also gained in the hack, Equifax said.

Equifax said in its statement that it was working with law enforcement agencies and has hired a cyber-security firm to investigate the breach. It said its investigation is “substantially complete,” and expects it will be completed in the coming weeks.

The company declined to comment beyond its statement.

The Federal Bureau of Investigation is tracking the situation, a spokeswoman for the agency said.

U.S. Senator Mark Warner, vice chairman of the Senate Select Committee on Intelligence, said in a statement that it would not be an “exaggeration to suggest that a breach such as this represents a real threat to the economic security of Americans.”

Equifax’s breach follows rival Experian Plc’s breach two years ago that exposed sensitive personal data of some 15 million people who applied for service with T-Mobile US Inc (http://reut.rs/2f8ES9k)

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,” Equifax Chief Executive Richard Smith said in a statement, adding that the company is conducting “a thorough review of our overall security operations.”

LIKELIHOOD FOR PHISHING SEEN HIGH

Cybersecurity experts said the breach was very serious.

“On a scale of 1 to 10, this is a 10. It affects the whole credit reporting system in the United States because nobody can recover it, everyone uses the same data,” said Avivah Litan, a Gartner Inc analyst who tracks identity theft and fraud.

Equifax handles data on more than 820 million consumers and more than 91 million businesses worldwide and manages a database with employee information from more than 7,100 employers, according to its website.

Ryan Kalember, senior vice president of cyber security firm Proofpoint, said the hack was “especially troubling” because companies typically offer free credit monitoring services from firms such as Equifax, which has now itself suffered a huge cyber attack.

“The information is very personal – the likelihood that it could be used for phishing is very high,” said Matt Tait, a former analyst at the British intelligence service GCHQ and a cyber security researcher.

Equifax said consumers could check if their information had been impacted at, www.equifaxsecurity2017.com.

Representative Maxine Waters, a member of the House of Representatives Financial Services Committee, said in a statement that she would reintroduce legislation to “enhance consumer protection tools available to minimize harm caused by identity theft.”

Three days after Equifax discovered the breach, three top Equifax executives, including Chief Financial Officer John Gamble and a president of a unit, sold Equifax shares or exercised options to dispose off stock worth about $17.8 million, regulatory filings show. It was not clear whether these transactions were part of a pre-arranged sales plan.

Equifax said in a statement that the executives were not aware that an intrusion had occurred when they sold their shares.

(Reporting by Yashaswini Swamynathan in Bengaluru; Additional reporting by Laharee Chatterjee in Bengaluru and Siddharth Cavale and Dustin Volz in Washington; Editing by Leslie Adler)

Cyber alert: EU ministers test responses in first computer war game

Cyber alert: EU ministers test responses in first computer war game

By Robin Emmott

TALLINN (Reuters) – European Union defense ministers tested their ability to respond to a potential attack by computer hackers in their first cyber war game on Thursday, based on a simulated attack on one of the bloc’s military missions abroad.

In the simulation, hackers sabotaged the EU’s naval mission in the Mediterranean and launched a campaign on social media to discredit the EU operations and provoke protests.

Each of the defense ministers tried to contain the crisis over the course of the 90-minute, closed-door exercise in Tallinn that officials sought to make real by creating mock news videos giving updates on an escalating situation.

German Defence Minister Ursula von der Leyen said the “extremely exciting” war game showed the need for EU governments to be more aware of the impact of cyber attacks on critical infrastructure in the EU.

“The adversary is very, very difficult to identify, the attack is silent, invisible,” Von der Leyen told reporters. “The adversary does not need an army, but only a computer with internet connection”.

After a series of global cyber attacks disrupted multinational firms, ports and public services on an unprecedented scale this year, governments are seeking to stop hackers from shutting down more critical infrastructure or crippling corporate and government networks.

“We needed to raise awareness at the political level,” Jorge Domecq, the chief executive of the European Defence Agency that helped organize the exercise with Estonia, told Reuters.

Especially concerned about Russia since it seized Crimea from Ukraine in 2014, Estonia has put cyber security at the forefront of its six-month EU presidency and proposed the exercise.

Estonia was hit by cyber attacks on private and government Internet sites in 2007. One of the world’s most Internet-savvy countries, with 95 percent of government services online, Estonia has a separate cyber command in its armed forces. But it is not without its vulnerabilities.

International researchers have found a security risk with the chips embedded in Estonian identity cards that could allow hackers to steal people’s identities, although officials said there was no evidence of a hack.

INCIDENT, THREAT OR ATTACK?

NATO last year recognized cyberspace as a domain of warfare and said it justified activating the alliance’s collective defense clause. The European Union has broadened its information-sharing between governments and is expected to present a new cyber defense plan.

The EU exercise made ministers consider how to work more closely with NATO, whose Secretary-General Jens Stoltenberg was there as an observer, diplomats present said.

“Over the last year, we saw a 60 percent increase in the number of cyber attacks against NATO networks,” Stoltenberg told reporters. “A timely exchange of information (with the EU) is key to responding to any cyber attacks.”

EU cyber exercises are not new, but officials said the idea of Thursday’s exercise was to put the onus on defense ministers to act by simulating a temporary loss of military operational command, even if they would have more support in a real-life situation.

Using tablet computers, ministers answered multiple-choice questions as they reacted to the situation, including some on whether they would make public statements or keep the situation secret.

“Do you announce to the whole country that you are under a cyber attack. Is it an incident, a threat or an attack? These are the questions that ministers were forced to consider, probably for the first time,” Estonian Defence Minister Juri Luik told Reuters.

(Reporting by Robin Emmott; Editing by Hugh Lawson)

Hackers gain entry into U.S., European energy sector, Symantec warns

Hackers gain entry into U.S., European energy sector, Symantec warns

By Dustin Volz

WASHINGTON (Reuters) – Advanced hackers have targeted United States and European energy companies in a cyber espionage campaign that has in some cases successfully broken into the core systems that control the companies’ operations, according to researchers at the security firm Symantec.

Malicious email campaigns have been used to gain entry into organizations in the United States, Turkey and Switzerland, and likely other countries well, Symantec said in a report published on Wednesday.

The cyber attacks, which began in late 2015 but increased in frequency in April of this year, are probably the work of a foreign government and bear the hallmarks of a hacking group known as Dragonfly, Eric Chien, a cyber security researcher at Symantec, said in an interview.

The research adds to concerns that industrial firms, including power providers and other utilities, are susceptible to cyber attacks that could be leveraged for destructive purposes in the event of a major geopolitical conflict.

In June the U.S. government warned industrial firms about a hacking campaign targeting the nuclear and energy sectors, saying in an alert seen by Reuters that hackers sent phishing emails to harvest credentials in order to gain access to targeted networks.

Chien said he believed that alert likely referenced the same campaign Symantec has been tracking.

He said dozens of companies had been targeted and that a handful of them, including in the United States, had been compromised on the operational level. That level of access meant that motivation was “the only step left” preventing “sabotage of the power grid,” Chien said.

However, other researchers cast some doubt on the findings.

While concerning, the attacks were “far from the level of being able to turn off the lights, so there’s no alarmism needed,” said Robert M. Lee, founder of U.S. critical infrastructure security firm Dragos Inc, who read the report.

Lee called the connection to Dragonfly “loose.”

Dragonfly was previously active from around to 2011 to 2014, when it appeared to go dormant after several cyber firms published research exposing its attacks. The group, also known as Energetic Bear or Koala, was widely believed by security experts to be tied to the Russian government.

Symantec did not name Russia in its report but noted that the attackers used code strings that were in Russian. Other code used French, Symantec said, suggesting the attackers may be attempting to make it more difficult to identify them.

(Reporting by Dustin Volz; Editing by Leslie Adler)

More than four million Time Warner Cable records exposed in leak

A woman walks in front of the Time Warner Cable logo at its office in San Diego, California, U.S., November 2, 2016. REUTERS/Mike Blake

(Reuters) – More than four million records of users of Time Warner Cable’s MyTWC app were found unsecured on an Amazon server last month, digital security research center Kromtech Security Center said in a blog post on Friday.

The files — more than 600 gigabytes in size containing sensitive information such as transaction ID, user names, Mac addresses, serial numbers, account numbers — were discovered on Aug. 24 without a password by researchers of Kromtech.

“A vendor has notified us that certain non-financial information of legacy Time Warner Cable customers who used the MyTWC app became potentially visible by external sources,” Charter Communications Inc <CHTR.O>, Time Warner Cable’s parent, said in an email.

The information was removed immediately after the discovery and the incident is being investigated, Charter said.

The breach was eventually linked to BroadSoft Inc <BSFT.O>, a communications company, whose unit developed the MyTWC app.

Broadsoft did not immediately respond to a request for comment.

(Reporting by Laharee Chatterjee and Arjun Panchadar in Bengaluru; Editing by Shounak Dasgupta and Sriraj Kalluvila)

Abbott releases new round of cyber updates for St. Jude pacemakers

The ticker and trading information for St. Jude Medical is displayed where the stock is traded on the floor of the New York Stock Exchange (NYSE) in New York City, U.S., April 28, 2016. REUTERS/Brendan McDermid/File Photo

By Michael Erman

NEW YORK (Reuters) – Abbott Laboratories said on Tuesday it would issue updates to reduce the risk of its St. Jude heart implants being hacked and to warn patients that the devices’ batteries may run down earlier than expected.

It was the second round of updates for the heart implants that Abbott has announced since buying medical device maker St. Jude Medical earlier this year.

The U.S. government launched a probe last year of claims the devices were vulnerable to potentially life-threatening hacks that could cause implanted devices to pace at potentially dangerous rates or cause them to fail by draining their batteries.

The company also identified a separate problem with lithium batteries in its heart devices last year. St. Jude recalled some of its 400,000 implanted heart devices last October due to risk of premature battery depletion, which was linked to two deaths in Europe.

The U.S. Food and Drug Administration said then that hospitals should return unused devices and warned patients with an already implanted device to seek immediate medical attention if they get a low-battery alert.

“Abbott is resolving all old St. Jude Medical issues,” Abbott spokeswoman Candace Steele Flippin said.

The new update will provide doctors with an earlier warning when the batteries in Abbott’s implantable cardioverter defibrillators are at risk of early depletion.

Abbott said it would also update the software embedded in pacemakers to reduce the risk of hacking. The company said there have been no reports of unauthorized access to any patient’s implanted device and that compromising the security of the devices would require a complex set of circumstances.

The FDA said it approved the update to ensure that it addresses the cyber security vulnerabilities, and reduces the risk of patient harm.

The FDA and the Department of Homeland Security confirmed in January that St. Jude devices were vulnerable to hacking. But they said they knew of no cyber attacks on patients with the company’s cardiac implants.

The FDA said the benefits of continuing treatment outweighed cyber risks, and DHS said only an attacker “with high skill” could exploit the vulnerability.

They launched the probe in August after short-selling firm Muddy Waters and cyber security firm MedSec Holdings said the devices were riddled with security flaws that made them vulnerable to potentially life-threatening hacks.

When Muddy Waters went public with the claims, it also disclosed it was shorting shares of St. Jude Medical, which was preparing to sell itself to Abbott. The short-selling firm said it believed that disclosure of the vulnerabilities could cause the $25 billion deal to fall apart, but Abbot completed the deal in January.

(Reporting by Michael Erman; Editing by Dan Grebler and Richard Chang)

Exclusive: India and Pakistan hit by spy malware – cybersecurity firm

FILE PHOTO: A Symantec security app is seen on a phone in this illustration photo taken May 23, 2017. REUTERS/Thomas White/Illustration/File Photo

By Rahul Bhatia

MUMBAI (Reuters) – Symantec Corp, a digital security company, says it has identified a sustained cyber spying campaign, likely state-sponsored, against Indian and Pakistani entities involved in regional security issues.

In a threat intelligence report that was sent to clients in July, Symantec said the online espionage effort dated back to October 2016.

The campaign appeared to be the work of several groups, but tactics and techniques used suggest that the groups were operating with “similar goals or under the same sponsor”, probably a nation state, according to the threat report, which was reviewed by Reuters. It did not name a state.

The detailed report on the cyber spying comes at a time of heightened tensions in the region.

India’s military has raised operational readiness along its border with China following a face-off in Bhutan near their disputed frontier, while Indo-Pakistan tensions are also simmering over the disputed Kashmir region.

A spokesman for Symantec said the company does not comment publicly on the malware analysis, investigations and incident response services it provides clients.

Symantec did not identify the likely sponsor of the attack. But it said that governments and militaries with operations in South Asia and interests in regional security issues would likely be at risk from the malware. The malware utilizes the so-called “Ehdoor” backdoor to access files on computers.

“There was a similar campaign that targeted Qatar using programs called Spynote and Revokery,” said a security expert, who requested anonymity. “They were backdoors just like Ehdoor, which is a targeted effort for South Asia.”

CLICKBAIT

To install the malware, Symantec found, the attackers used decoy documents related to security issues in South Asia. The documents included reports from Reuters, Zee News, and the Hindu, and were related to military issues, Kashmir, and an Indian secessionist movement.

The malware allows spies to upload and download files, carry out processes, log keystrokes, identify the target’s location, steal personal data, and take screenshots, Symantec said, adding that the malware was also being used to target Android devices.

In response to frequent cyber-security incidents, India in February established a center to help companies and individuals detect and remove malware. The center is operated by the Indian Computer Emergency Response Team (CERT-In).

Gulshan Rai, the director general of CERT-In, declined to comment specifically on the attack cited in the Symantec report, but added: “We took prompt action when we discovered a backdoor last October after a group in Singapore alerted us.” He did not elaborate.

Symantec’s report said an investigation into the backdoor showed that it was constantly being modified to provide “additional capabilities” for spying operations.

A senior official with Pakistan’s Federal Investigation Agency said it had not received any reports of malware incidents from government information technology departments. He asked not to be named due to the sensitivity of the matter.

A spokesman for FireEye, another cybersecurity company, said that based on an initial review of the malware, it had concluded that an internet protocol address in Pakistan had submitted the malware to a testing service. The spokesman requested anonymity, citing company policy.

Another FireEye official said the attack reported by Symantec was not surprising.

“South Asia is a hotbed of geopolitical tensions, and wherever we find heightened tensions we expect to see elevated levels of cyber espionage activity,” said Tim Wellsmore, FireEye’s director of threat intelligence for the Asia Pacific region.

The Symantec report said the ‘Ehdoor’ backdoor was initially used in late 2016 to target government, military and military-affiliated targets in the Middle East and elsewhere.

(Reporting by Rahul Bhatia. Additional reporting by Jeremy Wagstaff in Singapore.; Editing by Euan Rocha and Philip McClellan)