BENGALURU: A Pakistani cyber security firm with close ties to Islamabad has been found stealing information from Indian government and defence establishments, according to a two-year investigation by a US-based IT security firm.The Pakistani firm targeted Indian establishments using leased US hosting services, the US security firm, FireEye, said, the findings revealing that India remains a vulnerable target for cyber attacks even after documents leaked by whistleblower Edward Snowden exposed widespread spying by US National Security Agency.The firm used 'Sarabjit Singh', 'Devyani Khoragade', 'Salary hikes for government employees' in the subject line of the emails to lure officials into opening attachments containing the malware, which would then infect the computers and collect an assortment of data that it would send to the cyber attacker.While FireEye claimed the cyber attacks by the Pakistani firm were still active, the Indian government denied any knowledge of this. "It is incorrect. We have only seen cases of website hacking. However, they hold only public data," said Dr Gulshan Rai, director-general of the Indian Computer Emergency Response Team, or ICERT, and who will shortly take charge as the country's first cyber security chief.A senior Indian intelligence official confirmed Indian establishments were targets of cyber spying, but said the attackers could not be traced. "We have seen many such attacks targeting Indian government and defence establishments, but in cyber space it is very hard to ascertain the actual source."According to FireEye, an Islamabad-based firm called Tranchulas, which claims to have helped prepare Pakistani government for cyber warfare, bombarded officials in Indian government with emails containing malicious software.A senior Indian intelligence official confirmed Indian establishments were targets of cyber spying, but said the attackers could not be traced."We have seen many such attacks targeting Indian government and defence establishments coming from different parts of the world, but in cyber space it is very hard to ascertain the actual source of an attack."According to FireEye, an Islamabad-based IT security firm called Tranchulas, which claims to have helped prepare the Pakistani government for cyber warfare, bombarded officials in Indian government organizations with emails containing malicious software, or malware."They are essentially penetrating Indian government accounts to find out what the Indian government is up to," Manish Gupta, senior vice president at FireEye, told ET. "They are also targeting defence organisations. Some of the things that could be important to them could be what kind of weapons does India have, where are these weapons deployed, how many people are deployed in these regions, what is the s organization structure, are there any military exercises planned."Tranchulas CEO Zubair Khan, in an email response to ET, neither confirmed nor denied the involvement of his firm in the cyber espionage. "We've had no contact with (FireEye) so I have no idea about their motivations vis-a-vis their reporting on us. Clearly, they are one of the best security research firms out there and we respect their talents in this regard."Khan said his company offers both government and private clients a special service, called the offensive cyber initiative, "to help select customers build sustainable strategies for cyber warfare and cyber defense that will keep them relevant in the information age."The malware identified by FireEye has been active since early 2013 with the name of a Tranchulas employee, Umair Aziz, in its code.FireEye said that after it confronted Khan over this issue in July 2013, dif ferent variants of the malware with modified names have surfaced."Once we confronted Tranchulas, the malware was modified and all references to the company were removed and replaced with some strings with Cert-In (Indian computer emergency response team) to masquerade themselves and show that the attacks were being carried out by Indian Cert," said Michael Oppenheim, a threat intelligence analyst at FireEye who discovered the malware.Tranchulas exclusively used VPSNOC, a Pakistanbased virtual private server service provider, which leased U.S. hosting services to control phases of the attack, Oppenheim said.The senior Indian intelligence official mentioned ear lier in the story said it was common for cyber attackers to use servers located in a different country to avoid detection. India has been trying to improve its cyber defence ca pabilities in response to an increasing number of attacks, including by the United States, as revealed by the Snowden leaks. Earlier this month, Prime Minister Narendra Modi called upon the Indian IT Industry to focus on meeting the global challenge of cyber-security.Cyber attacks on Indian websites have increased near ly five times in the past four years. Until mid-2014, more than 60,000 incidents were recorded by the ICERT."India's data is in great demand across the world. It has been snooped across the continents but what is snooped is very important. What Pak agencies claim they snoop many a times is of far less importance as they end up in snooping data which has never traversed any physical form," said Prashant Mali, an advocate and independent cybercrime expert in Mumbai.