A sophisticated cyberespionage group, likely based in China, is capitalizing on India’s fragile cyberdefenses to burrow deep into the computer systems of government departments and educational institutions. The group has specifically been focusing on diplomatic information, according to a top United States network security company.
According to FireEye, the group has also launched attacks on other Southeast and South Asian nations, as well as on Tibetan campaigners outside the country, during the past four years.
Yet the group seems unusually concerned with India and its boundary differences with neighboring nations.
In an interview, Bryce Boland, FireEye’s chief technology officer for Asia Pacific, said, “It is most likely Chinese.” He added, “We don’t have a smoking gun, but all roads lead to China.”
The report is likely to spark suspicion between Asia’s two most heavily populated countries, which engaged one another in battle in 1962 and maintain a dispute over huge sections of their 2,500-mile boundary.
India’s boundary with Pakistan is also uncertain and greatly militarized, though India resolved another border disagreement with Bangladesh recently.
India and China are increasingly global competitors, with India luring manufacturing jobs from China and both nations racing each other in the field of space exploration.
According to FireEye, the group sent spear-phishing e-mail messages to its intended targets, with Microsoft Word attachments containing details on regionally sensitive issues.
The attached documents carried a script known as WATERMAIN which, when executed, created a backdoor that granted the attacker unrestricted access to the victim’s system.
According to Boland, the attackers exploited vulnerabilities in Microsoft’s software that have been well known for three years. The fact that dozens of hacking attempts succeeded underlines India’s inability to detect and defend itself against such attacks, Boland said.
The group was careful not to leave traces that could pinpoint where the attacks were coming from. But the operation, which runs throughout the week and round the clock, appeared sophisticated and well-resourced.
In the past, Chinese cyberspies have given themselves away by, for example, using the same IP address in hacking attacks and to access social media accounts or even post photographs.
But the group targeting India appeared to have good operational security, Boland said, indicating a disciplined and well-organized team.
The attacks highlight that the United States is not the only victim of Chinese cyber-war. They also potentially indicate that China is targeting other nations with weaker IT security after meeting increased resistance from U.S. government agencies and corporations that have invested heavily in IT security in recent years.