The Cabinet Division has warned government organizations and officials that dangerous hacking groups are using spoofed messages to steal information.
According to the cabinet division’s advisory, hostile intelligence agencies are involved in hacking attempts against senior officers through spoofing SMS. Senior officers are asked to call back by sending a spoofing SMS from an unfamiliar number, if they do so a hacking attack is launched and sensitive information is stolen as well as unauthorized access is gained to the target’s device.
In such attacks, the target may also receive a missed call from a known number. Hackers use this spoofing trick to force the target into opening an SMS containing hacking links. If the target clicks on these links, their device will be hacked and their sensitive information will be stolen.
According to the advisory, mobile numbers of military/defense forces personnel (since most of the contact lists had been leaked/hacked over a period of time from mobile phones of military/defense personnel) are being used by hostile intelligence agencies to send spoofed SMS and WhatsApp messages to selected targets. In many cases, a missed call or sharing of a well-crafted message is used to trick the victims to disclose their sensitive information or click on suspicious links/ attachments.
The spoofed numbers can be generated from various websites and applications. Most spoofing services append the originator’s country code for international callings, therefore, in some sloppy hacking attempts those numbers are appended with Indian country code (+91) as well.
Advisory asked the government officials to not pick up or call back to calls from unknown numbers and to not respond to unidentified messages. Also, carefully examine the number of callers or message senders for spoofing. Treat missed calls and SMS from unfamiliar numbers with suspicion, especially if they are from international numbers.
It has asked the officials to enable two-factor authentication for WhatsApp and other relevant platforms to add an extra layer of security to accounts and applications.
The advisory has asked government officials to refrain from clicking on links received via SMS or WhatsApp unless confident about their authenticity and to keep mobile devices and applications up to date with the latest security patches or updates to mitigate vulnerabilities.
Source: Pro Pakistani