Pakistani Hackers Mimic NIC Email to Target India Govt
A cyber-espionage group linked to Pakistan has launched a phishing campaign against Indian government agencies, posing as the National Informatics Centre’s (NIC) email services. Cybersecurity analysts have attributed the operation to APT36, also known as TransparentTribe. The attackers mimic NIC email headers and formats to deceive officials into sharing credentials or downloading malicious files.
The attackers use fake domains such as departmentofdefence.live and accounts.mgovcloud.in.departmentofdefence.live to impersonate trusted digital infrastructure. Their network includes command-and-control servers hosted at the IP addresses 81.180.93.5 and 45.141.59.168, enabling data exfiltration and remote access. Through this infrastructure, the attackers mimic NIC systems with high precision, exploiting familiarity with Indian communication protocols.
Researchers identified the campaign’s social engineering tactics and its alignment with TransparentTribe’s history of targeting Indian defense and administrative entities. The operation demonstrates a continued effort to breach sensitive government systems through deceptive digital correspondence.
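The lookalike hostname above places a trusted-looking name in front of the attacker's own domain, a pattern that can be checked in proxy or DNS logs. The following is an added example, not code from the report: it matches the domains and IPs named in the article and flags trusted suffixes embedded inside unrelated domains. The trusted-suffix list, the log format and the sample rows are assumptions constructed for illustration.

```python
import ipaddress

# Indicators taken from the article above.
IOC_DOMAINS = {"departmentofdefence.live"}
IOC_IPS = {"81.180.93.5", "45.141.59.168"}
# Assumption: suffixes the organisation treats as genuine. mgovcloud.in is
# inferred from the lookalike hostname; nic.in and gov.in are illustrative.
TRUSTED_SUFFIXES = ("mgovcloud.in", "nic.in", "gov.in")

def _under(host, domain):
    """True if host is the domain or a subdomain of it (label boundary)."""
    return host == domain or host.endswith("." + domain)

def classify(dest):
    """Return the reasons a destination (hostname or IP) is suspicious."""
    dest = dest.strip().rstrip(".").lower()
    try:
        return ["ioc-ip"] if str(ipaddress.ip_address(dest)) in IOC_IPS else []
    except ValueError:
        pass  # not an IP literal, so treat it as a hostname
    reasons = []
    if any(_under(dest, d) for d in IOC_DOMAINS):
        reasons.append("ioc-domain")
    # A trusted name used as leading labels of an unrelated domain,
    # as in accounts.mgovcloud.in.departmentofdefence.live.
    if not any(_under(dest, t) for t in TRUSTED_SUFFIXES):
        reasons += ["embedded-trusted:" + t for t in TRUSTED_SUFFIXES
                    if "." + t + "." in "." + dest + "."]
    return reasons

def scan(log_lines):
    """Rows are '<time> <client> <destination>'; returns flagged rows."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed rows
        reasons = classify(parts[2])
        if reasons:
            hits.append((parts[1], parts[2], reasons))
    return hits

# Constructed sample proxy log; client addresses are placeholders.
SAMPLE_LOG = [
    "09:01:12 10.0.0.21 mail.mgovcloud.in",
    "09:01:40 10.0.0.21 accounts.mgovcloud.in.departmentofdefence.live",
    "09:02:03 10.0.0.34 45.141.59.168",
    "09:02:30 10.0.0.34 email.gov.in.example.net",
]
```

Calling `scan(SAMPLE_LOG)` returns three flagged rows; the embedded-suffix check also catches lookalikes hosted on domains that are not yet in any indicator list.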
Read the full report here:
Pakistani Threat Actors Targeting Indian Govt. With Email Mimic as ‘NIC eEmail Services’
