Texas-based Exodus Intelligence believed India used its “zero-day”, security vulnerabilities that hackers can use to attack systems, to spy on Pakistan and China.
According to a report published in Forbes, Exodus CEO and co-founder Logan Brown said that, after an investigation, he believes India handpicked one of the Windows vulnerabilities from the feed—allowing deep access to Microsoft’s operating system—and Indian government personnel or a contractor adapted it for malicious means.
Earlier this year, researchers at Russian cybersecurity firm Kaspersky witnessed a cyber espionage campaign targeting Microsoft Windows PCs at government and telecom entities in China and Pakistan. They began in June 2020 and continued through to April 2021.
The Exodus CEO maintained that India was subsequently cut off from buying new zero-day research from his company in April and it has worked with Microsoft to patch the vulnerabilities.
The Indian use of his company’s research was beyond the pale, though Exodus doesn’t limit what customers do with its findings, Brown said, adding, “You can use it offensively if you want, but not if you’re going to be . . . shotgun blasting Pakistan and China. I don’t want any part of that.”
The US company also looked at a second vulnerability Kaspersky had attributed to Moses, another flaw that allowed a hacker to get higher privileges on a Windows computer. It was not linked to any particular espionage campaign, but Brown confirmed it was one of his company’s, adding that it would “make sense” that India or one of its contractors had weaponized that vulnerability, too.
Beyond the two zero-days already abused, according to Kaspersky, “at least six vulnerabilities” made by Moses have made it out “into the wild” in the last two years. Also according to Kaspersky, another hacking crew known as DarkHotel—believed by some cybersecurity researchers to be sponsored by South Korea—has used Moses’ zero days. South Korea is not a customer of Exodus.
“We are pretty sure India leaked some of our research,” the report quoted Brown as saying.
“We cut them off and haven’t heard anything since then . . . so the assumption is that we were correct.”
Free Press Kashmir is now on Telegram. Click here to Join.
FPK Android App for 2G. Click here to Download.
