Cyberattacks from groups in India targeted China, Pak & Nepal, claims Chinese media
“Cyberattacks from India disclosed” is the new propaganda by Chinese mouthpiece media as it claims that groups from India with possible intelligence background and state support constantly attacked defence and military units as well as state-owned enterprises in China, Nepal and Pakistan over the past few years, Global Times reported.
Investigations conducted by several of China’s leading cybersecurity companies have revealed a sophisticated network. “Evil flower in South Asia, lure of beauty, ghost war elephants roaming the Himalayas are the code names for real groups from India with possible intelligence background and state support,” Global Times said.
Chinese tech giant 360 Security Technology also told the Global Times that hackers from India have been caught actively launching cyberattacks targeting multiple organisations and individuals in China in the past two years. In 2020, the company monitored and captured more than 100 initial payloads, mostly from India, with the attackers inducing users to execute malicious payloads through "harpoon" (spear-phishing) emails in various fields.
Their attacks were largely on the rise in the first half of 2021, targeting education, government, aerospace and defence industries in many fields. Those attacks were especially aimed at organisations or individuals mentioned in online trending topics on politics and economy, the pandemic situation and industrial activities, the company said.
These groups are normally known as Advanced Persistent Threat (APT) organisations: groups of hackers with government support that focus on persistent network attacks against specific targets. APT organisations are spread across the world, with many having been active in attacks against key infrastructure and government departments for years.
“China has been a victim of cyberattacks for many years and the rising attacks from India once again revealed the severity of the situation and the urgency to speed up building of a cybersecurity safeguard system,” the report said.
India is a country that might be overlooked as a threat by the world intelligence community. Even other countries in South Asia may not be fully aware of its advanced cyber capabilities, the report said.
“Since March, we have detected several phishing activities targeting government, defence and military units, as well as state-owned enterprises in China, Pakistan, and Nepal,” Antiy Labs, one of China’s renowned cybersecurity companies, said in a statement sent to the Global Times.
“The organisation behind the attacks is from India and its activities can be traced back to as early as April 2019. So far, more than 100 phishing counterfeit websites created by the organization have been detected by Antiy Labs,” the report said.
The company’s vice chief engineer, Li Bosong, told the Global Times that the organization has been known to target Chinese government departments through spear-phishing: the hackers disguise themselves as government or military personnel and deliver emails with phishing attachments or embedded links to targets, luring them to visit websites the hackers have created and collecting their account passwords for intelligence gathering.
Cybersecurity analysts from the company believe that an intelligence organization is likely behind such accurate hacks.
For example, in the early stage of the Covid-19 pandemic, 360 Security Technology busted the hacking group CNC (APT-C-48), which launched attacks on China’s medical institutes through forged physical examination forms, taking advantage of the Covid-19 outbreaks in China. In April this year, the CNC launched fresh attacks targeting aerospace industries in the midst of China’s space events in June.
In November 2020, an APT organisation known as Evil Flower in South Asia launched an attack against a research institute on traditional Chinese medicine, a cybersecurity insider told the Global Times. “The organisation has been active since early November 2013, but remained undetected until 2016, when it was first revealed by a foreign cybersecurity vendor.”
Evil Flower has a strong political background, mainly targeting Pakistan and China. In 2018, its activities against Saudi Arabia were revealed, targeting government departments, power generation and military industries with the intention of stealing sensitive data. In 2019, it also strengthened the attacks on China’s import and export enterprises, the insider said.
“Attacks from India highlighted how cybersecurity risks have mushroomed along with the rapid development of China’s Internet sector. Over the years, China has been a major victim of cyberattacks and the web has become a new weapon from the US and its allies against China and Russia in the information war,” Global Times said.
Shen Yi, deputy director of the Fudan University Cyberspace Research Center, told the Global Times on Thursday that India has conducted numerous cooperative efforts with the US in cybersecurity and that it is reasonable to speculate that behind the hacker groups there is intelligence sharing between India and the US.
Qin An, head of the Beijing-based Institute of China Cyberspace Strategy, believes India’s constant harassment and challenges in cyberspace are in line with the US Indo-Pacific Strategy, the report said.