
Cyber Incident Victim: Government of India

Date:

Mar 2016

Location:

India

Summary

Pakistan-linked hackers conducted a cyber-espionage campaign against Indian military personnel, delivering spyware through spear-phishing emails that exploited an Adobe Reader vulnerability. The attackers exfiltrated sensitive data, including military strategies, tactical movements, training materials, personnel identification documents, salary details, passport scans, taxation records, and private photographs, to command-and-control servers located in Pakistan. Poor operational security on the attackers' infrastructure let security researchers uncover the operation, recover the malware's complete source code, and find evidence of a planned follow-up campaign using Android malware against the same targets.


Description

In early March 2016, Pakistan-linked hackers launched Operation C-Major, a cyber-espionage campaign targeting Indian military personnel through spear-phishing emails. The emails carried attachments that exploited a vulnerability in Adobe Reader to install spyware on victims' systems. Security firm Trend Micro identified the campaign while analysing the malware's infrastructure and noted that the attackers had failed to fully conceal the location of their command-and-control server in Pakistan. Because the malware was written in languages that decompile easily, researchers recovered its complete source code, which showed the operation was focused exclusively on Indian military targets. The server's IP address and the malware's data-exfiltration mechanism were traced, confirming the theft of sensitive information.


Analysis of the attackers' servers revealed large collections of stolen military data, including personnel identification scans, salary records, passport details, and taxation documents. Private material such as personal photographs had also been exfiltrated. The breach exposed sensitive Indian Army operational information, including tactical movement strategies and training materials. Trend Micro also found evidence of a planned follow-up campaign using Android malware designed to target the same military entities. The attackers' operational security failures allowed researchers to uncover these details, but the involvement of Pakistani state actors remained unconfirmed, despite the server's location and the campaign's strategic focus.
