wordpress blog stats
Connect with us

Hi, what are you looking for?

As part of cyber-espionage campaign, India targeted telecom, government entities in China, Pakistan: Report

Indian government officials used zero day vulnerabilities in Microsoft Windows to target Chinese and Pakistani PCs

Government and telecom entities in China and Pakistan were targeted as part of cyberespionage campaign led by the Indian government according to a report by Forbes. The campaign using zero day vulnerabilities sold to it by Exodus Intelligence, a zero day exploit broker, based in Austin Texas, ran from June 2020 to April 2021 following which Exodus says it ‘cut off’ India from buying its zero day exploit research.

Zero day exploit brokers are companies that sell information about crucial software vulnerabilities and software which could exploit them. In this case, Exodus told Forbes, it provided India with information about the vulnerability which was later adapted and exploited by an Indian government official or contractor.

The development comes amidst calls for a moratorium on spyware applications, after a consortium of international news organisations published a revelatory series of stories in July on the use of the NSO-group made Pegasus spyware to spy on opposition leaders, activists, journalists, and others by multiple governments. While the software may not have been a spyware, whistleblower Snowden had said in an interview that the consortium’s findings illustrated how commercial malware or malicious software had made it possible for repressive regimes to place vastly more people under the most invasive types of surveillance. According to the report, in this case, the exploit allowed deep access into Microsoft PCs to the attackers for nearly a year.

What did India do?

  • According to the report,the campaign targeted Microsoft PCs in government and telecom units in China and Pakistan
  • Along with the espionage campaign, Exodus suspects that India exposed some of its research. The company as part of its contract, forbids customers from making its zero days research public. However according to Kaspersky, Dark Hotel, a South Korea-backed hacker group, has used one of Exodus’ zero day research even though South Korea was not a customer of Exodus.
  • Exodus also suspects that India used another vulnerability that allowed a hacker to get ‘higher privileges’ on a Windows computer. However this is speculation as researchers at Kaspersky, who first discovered the campaign, could not find specific instances of its use in a cyberespionage campaign.

What should be the norms regarding usage of such zero day exploits by countries? Do leave a comment

Why was India cut off?

After researchers at Cybersecurity firm Kasperksy discovered the campaign earlier this year, Exodus also conducted its own investigation into India’s use of its research, confirming Kaspersky’s findings. Around April 2021, India was cut off from using Exodus’ products and the latter also informed Microsoft about the vulnerability, working with it to patch it.

While the company doesn’t usually limit a clients’ usage of its research, it took an exception to India’s usage. “You can use it offensively if you want, but not if you’re going to be . . . shotgun blasting Pakistan and China. I don’t want any part of that,” Lucas Browne Exoducs CEO and co-founder is quoted saying in the report. The company also suspects that India leaked its research to South Korea,“We are pretty sure India leaked some of our research,” Browne is quoted saying, “We cut them off and haven’t heard anything since then . . . so the assumption is that we were correct.”

Advertisement. Scroll to continue reading.

MediaNama has reached out to Microsoft for comment on the matter and will update the story as and when they respond.

What is Exodus: the company behind the vulnerability

According to the report, Exodus also provides information on zero days to the U.S., U.K., Canada, Australia, and New Zealand and their allies, as part of the Five Eyes intelligence alliance. Previously, the company had been in the news for providing the french police with a tool to hack the Tor Browser to identify and catch child sexual abusers. However this tool, a hack discovered by Exodus, was leaked.

The company also provides a ‘news feed’ like product which gives information on zero day vulnerabilities, without the software to exploit them, for up to $2,50,000 a year which is what it believes India bought.

International dialogue around malicious software

  • Last week, EU Commissioner Didier Reynders reiterated the need to fully investigate the Pegasus scandal at the start of a debate in the European parliament.
  • In July, US, UK, EU and allies released a joint statement accusing China of carrying out malicious cyber activities and has urged Chinese authorities to address the situation. That month, WhatsApp’s chief executive officer Will Cathcart also urged governments to step in and impose a complete moratorium on the spyware industry in an interview with The Guardian.
  • In October 2020, the US State Department released due diligence guidelines for American companies exporting products, including surveillance software abroad.

Also read:

Written By

I cover health and education technology for MediaNama. Reach me at anushka@medianama.com

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The US and other countries' retreat from a laissez-faire approach to regulating markets presents India with a rare opportunity.


When news that Walmart would soon accept cryptocurrency turned out to be fake, it also became a teachable moment.


The DSCI's guidelines are patient-centric and act as a data privacy roadmap for healthcare service providers.


In this excerpt from the book, the authors focus on personal data and autocracies. One in particular – Russia.  Autocracies always prioritize information control...


By Jai Vipra, Senior Resident Fellow at Vidhi Centre for Legal Policy The use of new technology, including facial recognition technology (FRT) by police...

You May Also Like


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ