Thursday, November 14, 2024

India has become a major source of cybersecurity threats in China: security experts

Must read


The group, identified as Advanced Persistent Threat (APT), has been active since at least November 2013, was first discovered by American security firm Forcepoint in 2016, and has been dubbed “Bitter” and “Manlinghua” by Chinese company Qihoo 360. ” was named.

Meanwhile, Bitter’s activities became increasingly exposed and their political motivations revealed. This is because Bitter primarily targets Pakistan and China and focuses on government agencies. army and the nuclear sector.
Code for one of Bitter’s Trojan horse programs that steals hostnames and computer names.Photo: Tencent

Cybersecurity analysts suspect that the group’s origins can be traced back to India and possibly state-backed, based on the location of IP addresses and language patterns observed in the attacks. Additionally, Bitter is believed to have ties to several other groups suspected to be Indian, including Patchwork, SideWinder, and Donot.

“Contrary to the common belief that Chinese cyber threats primarily come from China; Americaexperts in the field point out that a significant number of attacks originate from South Asian countries,” said a Beijing-based security expert involved in investigating the attack. The person requested anonymity due to the sensitivity of the issue.
China and India, the two most populous countries in the world, have Complex relationship. It is characterized on the one hand by border disputes and ongoing conflicts, but on the other hand by an increase in bilateral trade.

Amid cyberattacks, China’s Ministry of Foreign Affairs has consistently refrained from publicly condemning it.

Similarly, India’s Ministry of External Affairs has not commented, although Indian media has criticized it from time to time. Chinese cyber intrusiona December 2022 report by Outlook India alleges that Chinese hackers are targeting India’s medical research institutes and power grid infrastructure.

Russian hacker Alexander Ermakov linked to massive Australian data breach in 2022

Bitter employs two primaries attack strategy: Spearphishing and watering hole attacks.

Spear phishing involves emailing a decoy document or link to a targeted individual. Once opened, the Trojan horse is deployed, downloading malicious modules, stealing data, and allowing further instructions from the attacker.

Watering hole attacks compromise legitimate websites to host malicious files or create fake websites to trap victims. It typically focuses on content that is interesting to the target audience, such as shared forum software tools.

“Although not the most technically sophisticated, Bitter’s customized and diverse approach has proven effective against a variety of targets. Like wire fraud, the methods are often simple. but, people are still being fooled Every year,” said the anonymous expert.

Bitter’s operations are primarily focused on intelligence gathering, and while they do not appear to be destructive on the surface, they can lead to major information breaches with untold consequences.

01:48

Notorious former hacker hired by Vietnam’s Cybersecurity Agency to educate others about the dangers of hacking

Notorious former hacker hired by Vietnam’s Cybersecurity Agency to educate others about the dangers of hacking

According to disclosures from cybersecurity companies such as Anheng, QiAnXin, Intezer, and Secuinfra, seven attacks closely related to Bitter occurred in 2022 and eight in 2023, targeting Pakistan, Bangladesh, Mongolia, and China.

These attacks ranged from impersonating the Kyrgyz embassy to sending emails to China’s nuclear industry. The hackers also posed as military contractors providing anti-drone systems to the Bangladesh Air Force and used compromised email accounts to spread malicious files under the guise of New Year’s greetings.

“Given the widespread nature of these attacks, it is likely that such incidents continue to occur in the background,” the experts said.

“When assessing the impact, cyber attack, the focus is on goals and results. “In some cases, victims in sensitive industries may not be able to disclose the breach, and in other cases, only traces of the hacker’s activity may be detected without any direct loss,” he added. Ta.

“It is difficult to quantify the actual damage caused by Bitter from reported incidents. In most cases, there is little harm, but under certain circumstances, this incident could be an iceberg of potential risk.” It’s just one corner of the story.”



Source link

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article