Information about spear phishing e-mails targeting Indian government officials
On May 18, 2016, FireEye Labs observed a suspected Pakistan-based APT group sending spear phishing emails to Indian government officials. This threat actor has been active for several years and has been conducting suspected intelligence collection operations against South Asian political and military targets.
This group frequently uses a toolset that consists of a downloader and modular framework that uses plugins to enhance functionality, ranging from keystroke logging to targeting USB devices. We initially reported on this threat group and their UPDATESEE malware in our FireEye Intelligence Center in February 2016. Proofpoint also discussed the threat actors, whom they call Transparent Tribe, in a March blog post.
In this latest incident, the group registered a fake news domain, timesofindiaa[.]in, on May 18, 2016, and then used it to send spear phishing emails to Indian government officials on the same day. The emails referenced the Indian Government's 7th Central Pay Commission (CPC). These Commissions periodically review the pay structure for Indian government and military personnel, a topic that would be of interest to government employees.
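The two signals in this incident, a sender domain one character away from a news brand and a domain registered the same day the mail arrived, can be checked at the mail gateway. The following is an added example, not FireEye's tooling; the watched label `timesofindia`, both thresholds, and the assumption that registration dates are supplied by a WHOIS/RDAP lookup are illustrative choices.

```python
from datetime import date

# Assumptions (not from the page): watched brand label and thresholds.
WATCHED_LABELS = {"timesofindia"}
MAX_DISTANCE = 2    # edits tolerated before a label stops counting as a lookalike
MAX_AGE_DAYS = 30   # domains younger than this at delivery time are flagged

def refang(domain):
    """Turn a defanged indicator such as name[.]in back into a plain domain."""
    return domain.replace("[.]", ".").lower().strip(".")

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the watched label a domain imitates, or None.
    An exact match (distance 0) is the real label, not a lookalike."""
    for label in refang(domain).split("."):
        for brand in WATCHED_LABELS:
            if 0 < edit_distance(label, brand) <= MAX_DISTANCE:
                return brand
    return None

def triage(sender_domain, registered, received):
    """List the reasons a message's sender domain looks suspicious."""
    reasons = []
    brand = lookalike_of(sender_domain)
    if brand:
        reasons.append(f"lookalike of {brand}")
    age = (received - registered).days
    if 0 <= age <= MAX_AGE_DAYS:
        reasons.append(f"domain age {age}d")
    return reasons

# Sample records. The first domain and its dates are from the report;
# the second record is constructed for contrast.
SAMPLES = [
    ("timesofindiaa[.]in", date(2016, 5, 18), date(2016, 5, 18)),
    ("example.org", date(1995, 8, 14), date(2016, 5, 18)),
]

if __name__ == "__main__":
    for domain, registered, received in SAMPLES:
        print(domain, triage(domain, registered, received) or "no findings")
```

Either signal alone produces false positives; both firing on the same message is what makes it worth holding for review.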