HomeRegional GeopoliticsIndia has become a major source of cybersecurity threats in China: Security...

India has become a major source of cybersecurity threats in China: Security Expert

Source : South China Morning Post (SCMP)

India has become a major source of cybersecurity threats in China: Security Expert

Beijing: A series of cyberattacks originating from India have been highlighted in recent reports by Chinese cybersecurity firms, with the attacks targeting China and Pakistan, among others.

So far, the foreign ministries of China and India have not issued any responses.

One cyberattack on the Chinese military, which was intercepted by a cybersecurity organisation in China in December, was believed to be orchestrated by a group of hackers from India. The attack bore striking similarities to previous ones in terms of targets and methodologies, suggesting the involvement of the same group.

This group, identified as an advanced persistent threat (APT) and active since at least November 2013, was first discovered and named “Bitter” by American security firm Forcepoint and “Manlinghua” by Chinese company Qihoo 360 in 2016.

Over that time, the increasing exposure of Bitter’s activities has shed light on its political motives, as it primarily targets Pakistan and China, and focuses on government agencies, military and nuclear sectors.

d4c560de d1cc 4035 97b3 772fe3ad102f 0a6bbca1
Codes of one of Bitter’s Trojan Horse programs that steals host name and computer name. Photo: Tencent

Cybersecurity analysts suspect the group’s origins trace back to India, potentially with state support, based on IP address locations and linguistic patterns observed in the attacks. Moreover, Bitter is believed to be connected with several other groups that are suspected to be Indian, including Patchwork, SideWinder and Donot, among others.

“Contrary to popular belief that China’s cyber threats mainly come from the United States, professionals in the field point out that a significant number of attacks originate from South Asian countries,” said a Beijing-based security expert involved in the investigation of the attacks, who requested not to be named due to the sensitivity of the issue.

China and India, the world’s two most populous nations, have a complex relationship. It is marked by border disputes and ongoing conflicts on the one hand, but also rising bilateral trade on the other.

Amid the cyber offensives, China’s foreign ministry has consistently refrained from public condemnation.

Similarly, the foreign ministry in India has not commented, though Indian media has occasionally criticised Chinese cyber intrusions, such as a December 2022 report by Outlook India alleging Chinese hackers targeted Indian medical research institutes and power grid infrastructure.

Bitter employs two primary attack strategies: spear phishing and watering hole attacks.

Spear phishing involves sending targeted individuals bait documents or links via email, which, when opened, deploy Trojans to download malicious modules, steal data and allow further instructions from the attackers.

Watering hole attacks compromise legitimate websites to host malicious files or create fake websites to trap victims, usually centred on content of interest to the target person, such as shared forum software tools.

“Despite not being the most sophisticated in technique, Bitter’s customised and varied approaches to different targets have proven effective. Just like telecommunications fraud, although many methods are simple, people are still fooled every year,” said the anonymous expert.

Bitter’s operations, primarily focused on intelligence gathering, may not appear destructive on the surface, but can lead to significant information breaches with immeasurable consequences.

According to disclosures by cybersecurity firms including Anheng, QiAnXin, Intezer, and Secuinfra, there were seven attacks in 2022 and eight in 2023 closely linked to Bitter, targeting Pakistan, Bangladesh, Mongolia and China.

These attacks varied from impersonating the Kyrgyzstan embassy to sending emails to the Chinese nuclear industry. Hackers also posed as military contractors offering anti-drone systems to the Bangladeshi Air Force and even exploited compromised email accounts to spread malicious files under the guise of New Year greetings.

“Given the broad net these attacks cast, it’s likely that such incidents are continually occurring in the background,” the expert said.

“When assessing the impact of cyberattacks, the focus is on the targets and consequences. Sometimes, sensitive industry victims cannot disclose breaches, and at other times, only traces of hackers’ activities are detected without direct losses,” he added.

“The actual harm caused by Bitter is difficult to quantify with the reported incidents. In most cases they cause little harm, but under certain circumstances, the incident represents just the tip of the iceberg of potential risks.”

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Aatmanirbhar Bharat

All

India invites Philippines to partner in co-development & co-production of defence equipment

The fifth meeting of the India-Philippines Joint Defence Cooperation Committee (JDCC) was held in Manila on September 11. The meeting was co-chaired by Defence...

Indian navy: BEL receives order worth Rs 850 crore for supply of indigenous Multi Function Radar to protect naval ships

Government owned Bharat Electronics Ltd (BEL) on Wednesday announced that it received orders worth Rs 1,155 crore. This includes an order worth Rs 850...

AMCA 5th Generation Stealth Fighter Updates

AMCA to be integrated with sophisticated indigenous Distributed Aperture System (DAS) that making it a formidable air asset for the Indian Air Force

Source : IgMp Bureau India’s Advanced Medium Combat Aircraft (AMCA) is on the brink of a revolutionary transformation with the integration of a sophisticated Distributed...

AMCA to incorporate the best features of both 5th and 6th Generation fighters: ADA sources

Source : IgMp Bureau India's strides toward indigenous air dominance receive a substantial boost with the green signal for the Advanced Medium Combat Aircraft (AMCA)...

Most Popular

Recent Comments

Archive Months

Miscellanous

Russia-Ukraine War: Ukrainian drones kill six, wound 35 in Russian border region

A Ukrainian drone attack hit vehicles carrying workers in Russia's frontier Belgorod region, killing six people and injuring 35, the governor said Monday.Belgorod has...

MoD signs contract worth Rs.1,752 crore with AWEIL for supply of Remote Control Guns for the Indian Navy and Indian Coast Guard

Source : The Economic Times The Ministry of Defence has recently signed a contract with Advanced Weapon Equipment India Ltd. (AWEIL), Kanpur, for the manufacturing and supply of 463...
Visits
error: Content is protected !!