NEW JERSEY: In a startling revelation by US-based cyber intelligence company Exodus, its CEO and co-founder Logan Brown has told Forbes in an interview that, “After an investigation, he believes India handpicked one of the Windows vulnerabilities from the feed—allowing deep access to Microsoft’s operating system—and Indian government personnel or a contractor adapted it for malicious means, reportedly to spy on Chinese and Pakistani systems”.
The comments from the Exodus CEO come in the aftermath of an investigation carried out earlier this year by researchers at the Russian cyber security firm Kaspersky, which uncovered a cyber espionage campaign targeting Windows PCs at government and telecom entities in China and Pakistan. The campaign began in June 2020 and continued till April 2021.
Kaspersky tagged the hacking group using the software as ‘Bitter APT’ and the company to which it attributed the spyware as “Moses.”
Kaspersky revealed that “Moses” is a provider of hacking technology known as a “zero-day exploit broker.” Such companies, the Russian firm said, operate in a niche market within the 130 billion USD cyber security industry, creating software—an “exploit”—that can hack into computers via unpatched vulnerabilities known as “zero days” (the term coming from the fact that developers have “zero days” to fix the problem before it’s publicly known).
A zero-day attack is thus an attack that exploits a potentially serious software security weakness of which the vendor or developer may be unaware. Such attacks find loopholes in operating systems or apps and allow a hacker or spy to break into targets’ digital systems.
‘Moses’ here is none other than the Texas-based company Exodus Intelligence, referred to above, according to sources with knowledge of Kaspersky’s investigative research; Bitter APT, the Moses customer, is India, the source revealed.
Exodus has become a well-known name in the cyber tech space over the last decade, and was also associated with the leak of a popular tool that US law enforcement agencies used to hack the anonymous browser Tor. Exodus has entered into partnerships with the US Defense Department’s research agency Darpa and major tech firms like Cisco and Fortinet.
When asked by Five Eyes countries (an alliance of intelligence-sharing countries that includes the U.S., U.K., Canada, Australia, and New Zealand) or their allies, Exodus provides both information on a zero-day vulnerability and the software required to exploit it.
Its main product is akin to a Facebook news feed of software vulnerabilities, ‘sans exploits’, which is primarily marketed as a tool for defenders, but customers are free to use the software the way they want and to use the information on those Exodus zero days—ones that typically cover the most popular operating systems, from Windows to Google’s Android and Apple’s iOS.
Exodus CEO Brown is also exploring whether or not its code has been leaked or abused by others. Apart from the two zero days allegedly already abused by India, according to Kaspersky, “at least six vulnerabilities” made by Moses have come to light in the last two years.
Also according to Kaspersky, another hacking crew, Dark Hotel—believed to be sponsored by South Korea—has used Moses’ zero days. But South Korea is not a customer of Exodus. “We are pretty sure India leaked some of our research,” Brown said.
India was then cut off from buying new zero-day research from his company in April, says Brown, and the company has also worked with Microsoft to patch the vulnerabilities.
Earlier this year, a coalition of newspapers and nonprofits called the “Pegasus Project” also alleged that the phones of opposition Congress party leader Rahul Gandhi and some of his close associates had been targeted, leading to claims of treason against Prime Minister Modi’s government. The spyware in question was made by Israel’s NSO Group.
Details of what was spied on in the alleged espionage have not come out, but this revelation of state-sponsored cyber-warfare against another sovereign state’s cyberspace is expected to create ripples in the international community, and more so in India’s relations with its two neighbour-cum-adversaries, which are at an all-time low. The reported espionage also calls into question the US administration’s support for such companies in its business space.