Pakistani military allegedly accessed data of US, UK, and Australian officials and diplomats

Exfiltrated content included military photos with US army personnel

caption
Exfiltrated content included military photos with US army personnel
source
Lookout

 

  • Surveillanceware tools collected critical data from US, UK, and Australian officials and diplomats.
  • The hack, which was allegedly coordinated by Pakistani military members, collected sensitive photos, audio recordings, text messages, and could also disable a phone’s reception.
  • The victims unknowingly gave access to images of US military hardware, photos of passports, details of diplomatic visits, and letters from senior officials.
  • In one instance a phishing message was sent via Facebook Messenger.

The Pakistani military allegedly coordinated a surveillance operation which collected data from US, UK, and Australian officials and diplomats.

Researchers from US mobile-security company Lookout found Western officials were unintentionally caught up in a data-gathering operation which used surveillanceware tools dubbed Stealth Mango (for Android) and Tangel (for iOS).

US military hardware.

caption
US military hardware.
source
Lookout

In a report released last week, Lookout researchers said they believe Pakistani military members were responsible for hacks targeting civilians, government officials, diplomats, and military personnel in Pakistan, India, Iraq and the UAE.

“These tools have been part of a highly targeted intelligence gathering campaign we believe is operated by members of the Pakistani military,” the report read. “Our investigation indicates this actor has used these surveillanceware tools to successfully compromise the mobile devices of government officials, members of the military, medical professionals, and civilians.”

According to Lookout, which analyzed 15gb of compromised data, perpetrators largely targeted victims via phishing messages which linked to a third-party Android app store.

Once a surveillanceware app was downloaded it was able to access text messages, audio recordings, photos, calendars, contact lists for apps including Skype, and the phone’s GPS location. It also had the ability to detect when a victim was driving and turn off SMS and internet reception during that time.

A letter from the Pakistan High Commission to the US Ambassador.

caption
A letter from the Pakistan High Commission to the US Ambassador.
source
Lookout

On at least one occasion the app store URL was sent via Facebook messenger which, according to Lookout, suggests “the attackers are using fake personas to connect with their targets and coerce them into installing the malware onto their devices.”

The individuals targeted in this campaign unknowingly gave hackers access to pictures of IDs and passports, the GPS locations of photos, legal and medical documents, internal government communications, and photos of military and government officials from closed-door meetings.

Officials and civilians from the US and Iran, as well as British and Australian diplomats, were not targeted in the operation but their data was compromised after interacting with Stealth Mango victims.

Some of the victims’ compromised data included:

  • A letter from the United States Central Command to the Afghanistan Assistant Minister of Defense for Intelligence
  • A letter from the High Commission for Pakistan to the United States Director of the Foreign Security Office Ministry of Foreign Affairs
  • Details of visits to Quetta, Balochistan, Pakistan by Australian Diplomats
  • Details of visits to Quetta, Balochistan, Pakistan by German Diplomats
  • Photos of Afghan and Pakistani military officials

It’s unknown when Stealth Mango was launched, but its latest release was made in April 2018.

Australian diplomat's travel details in Pakistan.

caption
Australian diplomat’s travel details in Pakistan.
source
Lookout

Lookout believes it was created by freelance developers with physical presences in Pakistan, India, and the United States, but actively managed by actors in Pakistan who are most likely members of the military.

The main developer is thought to be a full-time app creator. Lookout suspects he once worked for a company based in Sydney, Australia. On LinkedIn, most of the company’s employees are based in Pakistan.

When contacted by Lookout, Google said the apps used in this operation were not available on the Google Play Store, but “Google Play Protect has been updated to protect user devices from these apps and is in the process of removing them from all affected devices.”

Editor’s Note: A previous headline of this article stated that the Pakistani military hacked phones of US, UK, and Australian officials and diplomats. Lookout clarified the subjects of the hack in an email to Business Insider saying, “The phones of US, UK and Australian diplomats were not hacked, but rather these government officials were in contact with victims from Pakistan, Afghanistan and the UAE that had compromised mobile devices; these images, documents, and so forth were a result of compromised mobile devices from Middle Eastern victims.” This article has been updated to reflect the correction. Business Insider regrets the error.