Operation Arachnophobia

Caught in the Spider’s Web

The ThreatConnect Research Team tracks a number of threat groups around the world. Beginning in the summer of 2013, ThreatConnect Research identified a suspected Pakistani-origin threat group and publicly disclosed it in August 2013. In the months following the disclosure, we identified new activity. ThreatConnect partnered with experts at FireEye Labs to examine these new observations in an attempt to gain new insight into the group and its Operation “Arachnophobia”. The report below is a product of collaborative research and threat intelligence sharing between ThreatConnect Research and FireEye Labs.

Explore Real World Application of the ThreatConnect Platform

On August 2, 2013, the ThreatConnect Research Team published the blog post “Where There is Smoke, There is Fire: South Asian Cyber Espionage Heats Up”, in which ThreatConnect Research identified custom malware, later dubbed BITTERBUG by FireEye, suspected to be linked to Pakistan-based exploitation activity directed against Indian entities. We found debug path references to “Tranchulas”, which is also the name of a Pakistani security company. Tranchulas claims to support “national level cyber security programs” and the development of offensive and defensive cyber capabilities. At the time, the incident seemed to be an isolated one for ThreatConnect Research, but it was only the beginning. Our suspicions of Tranchulas’ involvement in the activity began to mount, based on a series of events that occurred both before and after the release of our blog post.