International Hackers and Cyber Terrorists from North Korea, Pakistan and China Targeting India: Cyber Expert

New Delhi: India is facing threat from hackers and cyber terrorists backed by the government of North Korea, Pakistan and China.

A Singapore based, cybersecurity firm – Cyfirma, in its latest report, “India Threat Landscape Report 2020,” has highlighted how black-hat cyber hacking groups backed by states are eyeing India.

In its report, the intelligence firm has named four hacking groups – Stone Panda (Chinese), Mission 2025 (Chinese), Lazarus Group (North Korean), APT36 (Pakistan) who are targeting India.

The report further suggests that the hacking groups are eyeing to especially target government agencies, discoms and news organisations.

“Defacing websites using weakness in web applications, data exfiltration using specialized malware, denial of service, impersonating companies’ website and launching malicious phishing campaigns,” are some of the ways in which the cyber terrorists plan to attack digital India.

According to the report since India is a haven for start-ups, and a fertile ground for technological innovation, generating massive quantity of data that attract cybercriminals.

The reports reads, “Having monitored India cyber threat profile throughout the course of COVID-19 pandemic, our researchers have observed hackers’ increased interest towards India government agencies and conglomerates starting in February 2020.”

Attacks from China:

Cyfirma Research recorded extended conversations in the Chinese hacking communities discussing ways to ‘teach India a lesson’. Hackers expressed frustration with India and statements such as “this is one nation who doesn’t listen to us” was observed.

The cybercriminals were discussing, in Mandarin to target press and media companies, Telecommunication companies (private and public), Government websites including defencerelated agencies, Indian pharma companies, smartphones manufacturers, construction and tires companies.

In the hackers’ conversations, IP addresses were shared and discussed. Our analysis of these IP addresses attributed Gothic Panda and Stone Panda to be behind these potential hacking campaigns. These are two prolific hacking groups with close association with the Chinese Government.

Attacks from Pakistan:

Pakistan government-backed hacker group APT36 a.k.a Operation Transparent Tribe, ProjectM, Mythic Leopard has targeted Indian diplomats in the past to collect sensitive data like emails, passwords, and location data. In 2020, this threat actor was noticed to have impersonated the Indian government to send emails containing malware to victims, mostly Indians. The emails typically contained bogus health advisories on coronavirus. Victims who click on the attached document activate a malware that gives the hacker access to sensitive and important information like passwords, credit card information and location data stored on a user’s browser. Additionally, a number of other intrusions have been detected including a spearphishing campaign aimed at computers belonging to the Indian Railways. Pakistan’s conflict with India has been ongoing and APT36’s activities are a continuity of those hostilities.