China has been a usual suspect behind cyberattacks carried out worldwide. From the U.S. to India, everyone blames the Red Army for its cyber campaigns.
A group of hackers that seems to be based in China has been running a cyberattack campaign to spy on India and its neighboring countries, searching for information about ongoing border disputes as well as other political matters, a recent report by cybersecurity firm FireEye reveals.
The security firm has described the group of hackers as part of an Advanced Persistent Threat (APT). The cyber-spying activities began back in 2011, and the group targeted over 100 victims, 70 percent of whom were in India. The rest of the attacks targeted Tibetan and Southeast Asia-based activists as well as dozens of organizations in Bangladesh, Nepal, and Pakistan.
Over a span of four years, the APT group sent spear-phishing emails containing Microsoft Word documents embedded with a malicious script called Watermain. Whenever a targeted victim opens an infected document, the malicious script automatically creates backdoors on infected machines.
These spear-phishing attacks were also detected in April 2015, about a month ahead of Indian Prime Minister Narendra Modi’s first visit to China. But most of the hackers focus on targeting governmental, diplomatic, scientific and educational organizations.
According to FireEye’s Asia Pacific Chief Technology Officer,
“Collecting intelligence on India remains a key strategic goal for China-based APT groups, and these attacks on India and its neighboring countries reflect the growing interest in its foreign affairs.” He further added, “Organizations should redouble their cybersecurity efforts and ensure they can prevent, detect and respond to attacks in order to protect themselves.”
The China-based hackers modified their spying approach over the last four years, but in these attempts they largely depended on an exploit found in 2012. This made it easier for the hackers to target victims whose systems are not patched against the known exploits.
Spying attacks by a China-based APT group on India-based organizations have now become common. The previous APT30 cyber-spying attack, an almost decade-long campaign, managed to compromise the security of India-based defense and aerospace companies.
In the past, China was caught targeting Uyghur and Tibetan activists with a specially designed Android trojan. In 2014, the pro-democracy protesters in Hong Kong were also targeted by the Chinese government with Android spyware disguised as an OccupyCentral app.