Representational image | Photo: Flickr
Representational image | Photo: Flickr
Text Size:

New Delhi: Last month, the Intelligence Bureau wrote to the Ministry of Railways, alerting it about computer systems being compromised by Pakistan-based “cyber actors”.

The letter written in May, which has been accessed by ThePrint, stated: “It is learnt that (04) Internet connected computers in use at different offices of Indian Railways has (sic) been compromised by Pakistan based cyber actors (APT 36 Malware campaign). Data from the compromised computers are being constantly sent to servers abroad.”

The details of the computers have been attached separately, the IB’s letter added. A highly placed source told ThePrint that while three of the computers identified are located in the ministry, one is the personal computer of a top vigilance officer from the railways.

Asked for a comment by ThePrint, Ministry of Railways spokesperson D.J. Narain said the issue was “very old”, without specifying how old it was. He added: “We have nothing more to say on this. All we can say is we are all safe.”

Also read: Pakistan-linked hackers pose as Indian govt, carry out cyberattacks under Covid-19 cover


The IB’s letter further stated that “APT36 cyber threat actors are targeting various government sectors including defence, central police organisations, education, healthcare etc”.

“The modus operandi is to deliver Crimson RAT (Remote Access Trojan) malware embedded in MS Office documents to steal information from the victim computers,” it stated, adding that Covid-themed “spear-phishing” emails are being used to deliver this malware into the victims’ computers.

We are deeply grateful to our readers & viewers for their time, trust and subscriptions.

Quality journalism is expensive and needs readers to pay for it. Your support will define our work and ThePrint’s future.


Spear-phishing is described as the act of sending “emails to specific well-researched targets while purporting to be a trusted sender”. Security and risk management news website CSOOnline quoted Aaron Higbee, co-founder and chief technology officer of anti-phishing firm Cofense, as saying: “Spear-phishing is a campaign that was purposefully built by a threat actor with a goal of penetrating one organisation, and where they will really research names and roles within a company.”


The IB letter also went on to recommend the course of action the Indian Railways should take on this issue.

“Indian Railways may identify the infected computers and take immediate steps to sequester, cleanse and secure the computers,” the letter stated.

It advised immediately disconnecting the infected computers from LAN/internet, changing passwords of all email and online services from another secure computer, formatting the hard disks of the infected computers after taking back-ups of data files, re-installing operating systems and applications from clean software, and scanning back-up data for viruses before restoring it.

Also read: How hackers broke into WHO computers by posing as journalists, researchers


Subscribe to our channels on YouTube & Telegram

News media is in a crisis & only you can fix it

You are reading this because you value good, intelligent and objective journalism. We thank you for your time and your trust.

You also know that the news media is facing an unprecedented crisis. It is likely that you are also hearing of the brutal layoffs and pay-cuts hitting the industry. There are many reasons why the media’s economics is broken. But a big one is that good people are not yet paying enough for good journalism.

We have a newsroom filled with talented young reporters. We also have the country’s most robust editing and fact-checking team, finest news photographers and video professionals. We are building India’s most ambitious and energetic news platform. And we aren’t even three yet.

At ThePrint, we invest in quality journalists. We pay them fairly and on time even in this difficult period. As you may have noticed, we do not flinch from spending whatever it takes to make sure our reporters reach where the story is. Our stellar coronavirus coverage is a good example. You can check some of it here.

This comes with a sizable cost. For us to continue bringing quality journalism, we need readers like you to pay for it. Because the advertising market is broken too.

If you think we deserve your support, do join us in this endeavour to strengthen fair, free, courageous, and questioning journalism, please click on the link below. Your support will define our journalism, and ThePrint’s future. It will take just a few seconds of your time.

Support Our Journalism

4 Comments Share Your Views


  1. Even if it’s recent, this is really a very low level kids stuff. But then that’s what we can expect from beggars. India, China, the US and Israel are real DDOS attack powers. I won’t say much further on this.
    But really disappointed in Print to get this click-bait news on their platform.


Please enter your comment!
Please enter your name here