China-based cyber-criminals targeting Indian organisations: FireEye
22 Aug 2015
Indian organisations are in the crosshairs of suspected Chinese cyber-criminals, says cybersecurity firm FireEye.
FireEye added that the key strategic goal of the attackers was to collect intelligence.
The firm added that the attacks had also been detected in April 2015, about a month ahead of Indian prime minister Narendra Modi's first state visit to China.
The advanced persistent threat (APT) group behind the operation, which was most likely China-based, sent targeted spear phishing emails containing Microsoft Word attachments to its intended victims, according to FireEye.
"Collecting intelligence on India remains a key strategic goal for China-based APT groups, and these attacks on India and its neighbouring countries reflect growing interest in its foreign affairs," FireEye Chief Technology Officer (Asia Pacific) Bryce Boland said, PTI reported.
Organisations needed to redouble their cyber security efforts and ensure they could detect and respond to attacks so as to protect themselves, he added.
According to the cyber security firm, organisations based in Nepal, Pakistan and Bangladesh were also under similar threats.
Explaining the attacks, FireEye said the documents sent were related to regional issues and contained a script called WATERMAIN, which created backdoors on infected machines.
According to FireEye, WATERMAIN had been active since 2011, and over the past four years the APT group had used it to target over 100 victims, of whom approximately 70 per cent were from India.
"The group launching WATERMAIN attacks has also targeted Tibetan activists and others in Southeast Asia, with a focus on governmental, diplomatic, scientific and educational organisations," FireEye said.
The cyber espionage group was taking advantage of India's weak cyberdefences to make deep inroads into government bodies and academic institutions to steal sensitive diplomatic information.
Though the group had also attacked other South and Southeast Asian countries, as well as Tibetan activists outside China, over the past four years, it seemed particularly interested in India and its border disputes with neighbouring countries.
"It is most likely Chinese," said Boland in an interview. "We don't have a smoking gun, but all roads lead to China," he said, according to The Washington Post.
According to commentators, the report would likely add to the mistrust between the two countries, which went to war in 1962 and continue to dispute large parts of their 2,500-mile border.
Boland said the attacker took advantage of a vulnerability in Microsoft software that had been known about for three years.
The fact that dozens of attacks were successful underlined India's inability to detect and defend against such attacks, he said, adding that India's cyberdefences were in a "very poor state".