Representational image | Photo: Flickr
New Delhi: Last month, the Intelligence Bureau wrote to the Ministry of Railways, alerting it about computer systems being compromised by Pakistan-based “cyber actors”.

The letter written in May, which has been accessed by ThePrint, stated: “It is learnt that (04) Internet connected computers in use at different offices of Indian Railways has (sic) been compromised by Pakistan based cyber actors (APT 36 Malware campaign). Data from the compromised computers are being constantly sent to servers abroad.”

The details of the computers have been attached separately, the IB’s letter added. A highly placed source told ThePrint that while three of the computers identified are located in the ministry, one is the personal computer of a top vigilance officer from the railways.

Asked for a comment by ThePrint, Ministry of Railways spokesperson D.J. Narain said the issue was “very old”, without specifying how old it was. He added: “We have nothing more to say on this. All we can say is we are all safe.”

The IB’s letter further stated that “APT36 cyber threat actors are targeting various government sectors including defence, central police organisations, education, healthcare etc”.

“The modus operandi is to deliver Crimson RAT (Remote Access Trojan) malware embedded in MS Office documents to steal information from the victim computers,” it stated, adding that Covid-themed “spear-phishing” emails are being used to deliver this malware into the victims’ computers.

Spear-phishing is described as the act of sending “emails to specific well-researched targets while purporting to be a trusted sender”. Security and risk management news website CSOOnline quoted Aaron Higbee, co-founder and chief technology officer of anti-phishing firm Cofense, as saying: “Spear-phishing is a campaign that was purposefully built by a threat actor with a goal of penetrating one organisation, and where they will really research names and roles within a company.”
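The letter describes the delivery mechanism (a RAT embedded in MS Office documents, sent by spear-phishing) but not how an organisation would check incoming attachments for embedded active content. The following is an added example, not code from the IB letter, ThePrint or the railways: it treats a document as an Office Open XML package (the .docx/.xlsx/.pptx zip format) and reports VBA macro projects, embedded OLE objects and external relationship targets. Which of these mechanisms the campaign actually used is not stated in the article and is an assumption here; the two sample documents are constructed in memory and contain placeholder bytes rather than any real payload.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from typing import Dict, List

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container header


def _build_docx(extra_members: Dict[str, bytes]) -> bytes:
    """Build a minimal constructed .docx-like zip in memory (sample data only)."""
    members = {
        "[Content_Types].xml": b'<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>',
        "word/document.xml": b"<w:document/>",
        "word/_rels/document.xml.rels": b'<?xml version="1.0"?><Relationships xmlns="%s"/>' % REL_NS.encode(),
    }
    members.update(extra_members)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a plain document and one carrying a macro project,
# an embedded OLE object and a relationship pointing outside the file.
CLEAN_DOC = _build_docx({})
SUSPICIOUS_DOC = _build_docx({
    "word/vbaProject.bin": b"placeholder: where a VBA project would live",
    "word/embeddings/oleObject1.bin": b"placeholder: where an OLE object would live",
    "word/_rels/document.xml.rels": (
        b'<?xml version="1.0"?>'
        b'<Relationships xmlns="%s">'
        b'<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" '
        b'Target="http://example.invalid/placeholder.bin" TargetMode="External"/>'
        b'</Relationships>'
    ) % REL_NS.encode(),
})


def triage_office_file(data: bytes) -> List[str]:
    """Return a list of findings for an attachment; an empty list means nothing flagged.

    Findings are tagged 'vba-macro:', 'embedded-object:' or 'external-target:'.
    Legacy OLE2 files and non-zip inputs are reported as such rather than parsed.
    """
    if data.startswith(OLE2_MAGIC):
        return ["ole2-legacy-format"]  # needs a dedicated OLE2 parser, not handled here
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not-ooxml"]

    findings: List[str] = []
    for name in zf.namelist():
        low = name.lower()
        if low.endswith("vbaproject.bin"):
            findings.append(f"vba-macro:{name}")
        if "/embeddings/" in low:
            findings.append(f"embedded-object:{name}")
        if low.endswith(".rels"):
            # Relationship parts declare where a document's pieces come from;
            # TargetMode="External" means the target is outside the package.
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                findings.append(f"unparseable-rels:{name}")
                continue
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.attrib.get("TargetMode") == "External":
                    findings.append(f"external-target:{rel.attrib.get('Target', '?')}")
    return findings


def is_suspicious(data: bytes) -> bool:
    """True when the attachment deserves analyst attention before being opened."""
    return len(triage_office_file(data)) > 0


if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_DOC), ("suspicious", SUSPICIOUS_DOC)):
        print(label, triage_office_file(doc))
```

A finding is a reason to route the attachment to a sandbox or an analyst, not proof of malice: legitimate documents also carry macros and embedded objects, so the value lies in applying the check uniformly to mail arriving from outside the organisation rather than trusting a Covid-themed lure on sight.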


The IB letter also went on to recommend the course of action the Indian Railways should take on this issue.

“Indian Railways may identify the infected computers and take immediate steps to sequester, cleanse and secure the computers,” the letter stated.

It advised immediately disconnecting the infected computers from LAN/internet, changing passwords of all email and online services from another secure computer, formatting the hard disks of the infected computers after taking back-ups of data files, re-installing operating systems and applications from clean software, and scanning back-up data for viruses before restoring it.


4 Comments


  1. Even if it’s recent, this is really very low-level kids’ stuff. But then that’s what we can expect from beggars. India, China, the US and Israel are real DDoS attack powers. I won’t say much further on this.
    But I’m really disappointed in ThePrint for putting this click-bait news on their platform.

